In today’s digital age, information security isn’t just an IT concern – it’s the foundation of a successful business. With the increasing reliance on digital systems, companies are vulnerable to threats such as hacking, phishing, and ransomware.
From a customer’s perspective, information security is vital because they often rely on the SaaS provider’s platform to store, process, and manage sensitive information. Strong security practices ensure that their data remains safe, fostering trust in the SaaS provider and assuring business continuity and reliability.
According to Gartner, information security is a top concern for software buyers, and 46% of buyers who made a recent software purchase selected the provider because of its security certifications, reputation, or data privacy practices.
We sat down with our Chief Information Security Officer (CISO), Martin Karlsson, to discuss the information security practices Quinyx follows. In this blog article, Martin answers some of the most frequently asked questions we receive from our customers about information security and how we protect their data.
1. What information security policies does Quinyx have in place?
We have a lot of policies in place and are updating them on a yearly basis. The plan for this year is to develop an entirely new policy package. The active policies are shown in the picture below.
2. What information security certifications does Quinyx have?
We are ISO 27001 certified and are currently working on getting our SOC 2 Type 2 report. These certifications demonstrate our commitment to best practices in information security and give our customers confidence in our data handling protocols.
3. What are the main differences between ISO 27001 and SOC 2?
ISO 27001 is a global standard that is broadly applicable across all industries. The standard focuses on establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). ISO 27001 includes a variety of company controls that companies must implement, such as company-wide information security policies and information security training.
SOC 2 is primarily US-focused, although it is gaining traction in other countries, particularly among cloud service providers. SOC 2 is designed for service organisations that handle sensitive customer data in the cloud or perform IT services. The purpose of SOC 2 is to ensure that companies follow best practices in managing customer data securely. With Quinyx, this could be related to things like how we store and handle our customers’ data in the Quinyx mobile application.
4. Where do we host our data?
We securely host most of our data in Amazon’s data center in Frankfurt, Germany. We chose this location for its superior security infrastructure. Amazon employs highly trained personnel and implements rigorous security measures, ensuring your data is protected around the clock.
5. What is Quinyx doing internally on information security?
We do a lot of activities to improve our internal information security. This includes information security training, phishing campaigns, and internal seminars. I also attend external seminars where I get to speak to CISOs from other companies and learn what other companies are doing for their information security.
6. What are some of the future trends impacting the information security sector?
AI has been widely adopted by organizations, but it’s also being exploited by threat actors. For instance, AI is being employed by malicious actors to mimic voices and faces. At the same time, we’re seeing a significant rise in investment in information security across businesses, reflected in the growing volume of security questionnaires and certification requirements, such as ISO 27001 and SOC 2.
7. What can you do to stay safe?
A good security measure is to always verify the source by calling up the person or talking to them face to face. When using AI, especially publicly available large language models (LLMs) like ChatGPT, treat the information you input as you would when posting on social media. If sharing the information publicly would not compromise anything, then it is generally safe to use a public LLM.
In conclusion, information security is a top priority for both Quinyx and our customers, especially in today’s fast-evolving digital landscape. By maintaining rigorous security certifications like ISO 27001, working towards SOC 2, and hosting data securely with trusted providers like Amazon, we ensure that our customers' data is protected at every level. At Quinyx, we are committed to delivering the highest level of security to earn and maintain the trust of our customers.
You can read more about the data privacy and information security practices Quinyx follows here.