Articles

Do you use servers for handling Scoped Data?

Yes, we employ servers which transmit, process and store Scoped Data and which meet all relevant security and compliance criteria according to current standards

Last update 2 weeks ago

Do you have any Operating System versions in use within the Scoped Services that no longer have patches released?

No. All (third-party hosted) servers and devices within QR Planet's networks and environments only use OS versions that are up to date and patched regularly.

Last update 2 weeks ago

Do you document your server security configuration standards and base them on external industry or vendor guidance?

Yes. Our server security configuration standards use established frameworks, are documented and based on vendor recommendations and common industry standards.

Last update 6 days ago

Do you review server security configurations regularly to validate compliance with documented standards?

Yes. Server security configurations are regularly reviewed and updated when necessary to fully ensure compliance with all documented security standards.

Last update 2 weeks ago

Do you configure your servers according to security standards as part of the build process?

Our servers are configured in accordance with all common security standards and are regularly patched and updated. Security standards are documented.

Last update 6 days ago

Do you uninstall or disable all unnecessary and unused services on all your servers?

Yes. The necessity of all services on our servers is evaluated regularly and all services deemed unnecessary are shut down.

Last update 6 days ago

Do you remove, disable or change vendor default passwords prior to placing any device or system into production?

Only custom passwords according to our comprehensive password policy are used in our systems and devices.

Last update 6 days ago

Do your Operating System and application logs contain sufficient detail to support security incident investigations?

We offer comprehensive logs for all accounts, and also keep logs for all access attempts to our web servers for two weeks, including all IP addresses used.

Last update 6 days ago

Do you regularly check your systems and applications, patching them whenever possible?

Yes. We use OpenVAS, a full-featured vulnerability scanner, to perform daily scans of all our systems and applications. All found CVEs are being patched promptly.

Last update 6 days ago