Security at Qintel is everyone’s job

Qintel’s enterprise information security program is an integral part of our operations. In fact, information security is in our DNA and ingrained in our people, processes, and technologies. Our approach is simple: every employee is responsible for information security, including protecting:

  • Qintel-owned information assets
  • Customer and partner information assets
  • The underlying technology infrastructure that generates, processes, and stores Qintel's information assets

Approach to information security

Qintel has built its reputation on acquiring and operationalizing unique data. As such, Qintel has built strict processes around access to its internal datasets.

Defense-in-depth programQintel’s approach to information security is a comprehensive, defense-in-depth program designed to mitigate information security risks, while continuously evolving and adopting new technologies to stay ahead of the ever-changing cyber threat landscape. Enabling secure customer access and protecting our proprietary data are the primary goals of the Qintel Information Security program.

Mission-CriticalQintel’s role as a provider of mission-critical intelligence to entire industries makes it an attractive target to attackers. In response, Qintel has implemented security measures that go beyond industry standards. Qintel has created an environment that emphasizes constant training and rapid response through regular security penetration testing.

Information security program

Qintel is ISO 27001:2013 and ISO 27017:2015 Certified and adheres to the requirements of the Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) program. The CSA STAR comprises key principles of transparency, rigorous auditing, and harmonization of standards. Our Consensus Assessments Initiative Questionnaire (CAIQ) documents the rigor and strength of Qintel’s security posture and best practices and is publicly accessible for viewing and download from the CSA STAR Registry. Qintel plans to achieve FedRAMP Authorization in 2021.

There is continued training and education for Qintel’s security experts to remain ahead of emerging cyber threats, as well as ongoing information security training and awareness campaigns for all Qintel employees.

Security operations are all based in the United States and include a robust threat intelligence and response capability. By integrating our own products (QWatch, Patch Management Intelligence, QSentry, and CrossLink) into our security operations, we significantly decrease our exposure to cyber threats.

Qintel's Cyber Incident Response Team (QCIRT) provides real-time detective and corrective capabilities for cyber security events, including 24x7x365 monitoring, incident response, and digital forensics.

There is continuous investment and senior leadership support for the Information Security program to ensure Qintel stays ahead of emerging threats.

Coalfire ISO 27001
Coalfire ISO 27017
Coalfire ISO 27017

People

Security at Qintel is everyone’s job. We invest in training and awareness to ensure that security stays top of mind for all of our employees.

  • A cross-functional team of experts that’s 100% dedicated to security-related activities
  • An Enterprise Risk Council that oversees risk management strategy and implementation across the organization
  • Third-party risk management program for suppliers
  • Background checks for all employees
  • A dedicated Chief Information Security Officer who manages security operations and continuously engages with the security community to ensure Qintel stays ahead of emerging threats
  • Annual security training for all employees
  • Training for engineers to ensure coding is done securely, with regular audits of the codebase

Process

Qintel’s business processes, including internal policies, software development, and operations focus on security first, always, and last.

  • System access is limited to personnel based on least privilege, with multiple layers of secured authentication required for all critical systems
  • On-premise security policies and physical access controls
  • Active monitoring and alerting
  • Security reviews within the Qintel Software Development Life Cycle (SDLC)
  • Formal code reviews and penetration testing by third-parties

Technology

Qintel’s secure product suite encompasses state of the art technology and infrastructure.

  • Secure, near real-time data replication
  • Air gapped networks for systems and operations
  • Malware protection
  • Real-time detection and corrective capabilities for cybersecurity events
  • Secure data access and transfer of data to/from Qintel