Application Security

Do you require access to your customer's network or systems?

No. QR Planet offers an online SaaS (Software as a Service) QR solution. No access to any customer networks or systems is necessary for delivery of our services.

Are outside development resources utilized?

Do you use applications to handle Scoped Data?

Yes. QR Planet uses applications to transmit, process and store Scoped Data. This happens in accordance with common best practices and all internal policies..

Do you use Web Servers for handling Scoped Data?

Yes. QR Planet uses Web Servers to transmit, process and store Scoped Data if necessary for rendering our services.

Do you employ a logical or physical segregation between network components?

Yes. Segregation between web, application and database components is an integral part of our environment's setup.

QR Planet's Change Management Policy

Our Change Management Policy has been developed, documented and approved by management and appropriate consultants. It has been communicated to employees.

Do you use open source software or libraries to handle sensitive data of any kind?

No. QR Planet doesn't transmit, process or store sensitive data with open source software or within open source libraries.

Are QR Planet's web applications configured to follow best practices?

QR Planet's web applications are configured to adhere to current best practices like the security guidelines by the OWASP.

Do you disallow preconfigured accounts for normal operations and monitor for their usage?

All preconfigured accounts are either deactivated or reconfigured (e.g. password change according to our Password Policy) for safe use within our environments.

Do you perform application development?

Yes. QR Planet offers Saas (Software as a Service). Applications are developed in accordance with our formal Software Development Life Cycle (SDLC) Policy.

Do you validate data input into applications developed by QR Planet?

Yes. In accordance with any of QR Planet's applicable internal Policies and relevant requirements, data input into applications developed is always validated.

Has your SDLC Policy been approved by management and communicated to appropriate Constituents?

The Policy has been approved by management but as a small company, communication of our SDLC towards employees or consultants happens during the onboarding phase.

Do you perform reviews concerning compliance with web server software security standards?

Yes.Management and appropriate consultants regularly review and validate compliance of all web servers and other devices concerning software security standards.

Do you prohibit the use of web server software versions that are no longer supported or updated by its publisher?

Yes. Software versions that are no longer actively supported by the software publisher and for which no more security patches are released, are prohibited.

Are available high-risk web server software security patches applied regularly?

Yes. All web server and other software high-risk security patches are applied and verified at least monthly, or when available.

Are sample applications and scripts removed from web servers?

Yes. In accordance with any of QR Planet's relevant internal Policies, all sample applications and scripts are removed from web servers when put into service.

Is HTTPS enabled for all of QR Planet's web pages?

Yes. In accordance with any of QR Planet's relevant internal Policies and current security standards, all of QR Planet's web pages are fully relyant on HTTPS.

Does your SDLC include communicating vulnerabilities to a Security Monitoring and Response Group?

As a small LLC, communication of vulnerabilities to all relevant employees, partners or consultants is part of daily business and happens continuously.

Does QR Planet solve identified security vulnerabilities prior to promotion to production?

If applicable, all identified security vulnerabilities are remidiated in accordance with all relevant internal Policies prior to promotion to production.

Do you perform regular Secure Code Reviews?

Our Secure Code Reviews include analyses of vulnerabilities to attacks by performing periodic penetration tests in accordance with all Policies and requirements.

Do you evaluate applications from a security perspective prior to promotion to production?

If deemed necessary, applications are evaluated from a security perspektive prior to promotion to production.

QR Planet's Application Change Management Policy

Our Application Change Management Policy and Change Controll Processes has been developed, documented and deployed to ensure all our product's are up to date.

Is sufficient detail contained in Web Server and application logs to support incident investigation?

Next to our Audit Trail Logs, our Web Servers' and applications' logs are sufficiently detailed to support any necessary incident investigation.

Is an Application Programming Interface (API) available to clients?

Yes. QR Planet offers its clients a comprehensive API. It makes it possible to create QR Codes, access statistics or use many more platform-specific features.

Do you develop mobile applications that access Scoped Systems and Data?

No. QR Planet does not develop mobile apps at all; We only provide a web-based self-service QR Code platform (SaaS).