Qualityze EQMS ensures application security, operational security, product security, and privacy controls.
Qualityze is a cloud-based Quality and EHS Management System (QMS/EHS) built on a Salesforce platform. We have a robust SDLC process which incorporates application and product security within the design of the system. In addition, being on a Salesforce platform allows us to leverage its robust security framework. Here’s how Qualityze addresses application security, operational security, product security, and privacy controls.
We use various security measures to protect our data and processes. We make sure all user inputs are validated and sanitized to prevent common issues like SQL injection and XSS, using Salesforce's validation rules. For authentication, we leverage Salesforce’s multi-factor authentication (MFA) and single sign-on (SSO) along with role-based access control to ensure users have the right permissions. Data is encrypted both when stored and in transit, utilizing Salesforce’s encryption standards and additional tools like Salesforce Shield. We follow best practices for secure coding and conduct regular code reviews and testing. Additionally, we and our customers benefit from Salesforce’s regular updates and security patches to address any vulnerabilities promptly.
We ensure operational security by implementing strong practices and procedures to protect our infrastructure and services. We have physical security like access control systems, CCTV cameras, and secure storage for important items. Our network is protected with firewalls, secure Wi-Fi, and VPNs for remote work. We ensure data security through regular backups, encryption, and protection for all devices. We have a detailed plan for responding to security incidents, with a dedicated team and regular practice drills. Our employees receive ongoing security training and follow strict security policies. Access to sensitive information is controlled based on job roles and reviewed regularly. Additionally, we have environmental controls like climate management and backup power systems to protect our critical infrastructure.
We prioritize product security to ensure our solutions are secure by design, building security into our software development lifecycle (SDLC) and software testing lifecycle (STLC), leveraging Salesforce guidelines and industry best practices. We follow a secure development lifecycle, integrating security practices from design through deployment. We have two levels of regular code reviews for every release: internal reviews by senior developers and security reviews by Salesforce. Additionally, we conduct periodic penetration testing, both internally and with third-party experts, to identify and fix any security weaknesses in our products.
We are committed to protecting user privacy and ensuring we comply with data protection regulations. We only collect necessary data and provide tools to manage data retention, minimizing the amount of data stored. We offer features to anonymize and pseudonymize personal data, helping organizations protect identifiable information. We provide features to help organizations fulfill data subject requests, such as accessing, correcting, or deleting personal data. Additionally, we conduct privacy impact assessments to identify and mitigate privacy risks, ensuring new projects and changes comply with data protection regulations.