Security & Compliance
Test data breaches can stall development cycles more than anything else. They expose secrets, block workflows, and disrupt everything in their path. Kualitee understands that. This is why we secure our testing environment, ensuring the confidentiality and integrity of all your information assets.
Kualitee Security Overview
When designing Kualitee, security was paramount. We implemented the best technologies and practices from the ground up so that you can ensure your test data remains safe. Our commitment extends beyond an initial investment; it evolves with new threats to provide the highest level of trust possible.
Access Control with Secure Data Storage
Groups for Access Controls
Kualitee provides fine-grained management of access rights across different security groups, which can be used to regulate incoming or outgoing network traffic based on rules defined for that purpose. It thereby acts not only as an identity verification system but also as a digital access control, restricting entry into areas for which privileges have not been granted.
Secure Relational Database Storage (SRDS)
To store its clients’ data safely and efficiently, Kualitee uses Secure Relational Database Services (SRDS). These instances come with built-in protection mechanisms, such as encryption and access controls, that keep test data at rest secure.
Multi-Factor Authentication and Encryption Management
Principle of Least Privilege (PoLP) and Multi-Factor Authentication (MFA)
Our access management system enforces PoLP, so users are given only those permissions that are necessary for their designated roles. This reduces the potential for misuse of access privileges. Furthermore, MFA strengthens the authentication process by requiring a secondary verification code for login attempts, improving security even more.
Encryption Key Management
Kualitee provides encryption key management capabilities that let you keep tight control over the encryption keys used to protect your data, adding an extra layer of security governance.
Secure Communication and Comprehensive Auditing
HTTPS Communication and AWS Certificate Manager
Kualitee uses a strong certificate management system, specifically AWS Certificate Manager, to provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. This ensures encrypted communication (HTTPS) between your web browser and the Kualitee platform, protecting your data in transit.
Cloud Auditing with AWS CloudTrail
For detailed information about what is happening within the platform, Kualitee supports cloud auditing services such as AWS CloudTrail, which keeps track of every user activity together with API usage.
Proactive Threat Detection and Secure Development Practices
Regular Penetration Testing
Regular penetration testing is carried out on Kualitee by independent security experts. These penetration tests proactively identify and address potential vulnerabilities within Kualitee before they can be exploited by malicious actors.
Continuous Code Reviews and Static/Dynamic Code Analysis
Our development process incorporates continuous code reviews to ensure the implementation of secure coding practices. This is further strengthened by a combination of static and dynamic code analysis tools that identify and remediate potential security weaknesses early in the development lifecycle.
Rigorous Access Management
Role-Based Access Control (RBAC)
Kualitee enforces RBAC to meticulously control user access to functionalities and data within the product. This ensures that users can only access data and functionalities relevant to their assigned roles, which reduces the risk of unauthorized access to sensitive data or information.
Disaster Recovery and Backups
Regular Backups
We maintain regular backups of your data using industry best practices. These backups ensure swift recovery in case of unforeseen circumstances that can lead to loss of data.
Disaster Recovery Plan
Kualitee maintains a disaster recovery plan to ensure that business remains ongoing and uninterrupted in the event of an outage or disruption. This plan includes the steps for prompt restoration of service and data, with reduced downtime and a swift return to regular operations.
Account Management with Clear Policies
Clear and well-defined policies govern account management practices. These policies cover aspects such as account cancellation, user provisioning and deprovisioning, access control changes, and security patching procedures. Following these established protocols minimizes the risk associated with unauthorized access or configuration changes, keeping your data safe.
SOC 2 Compliance
Kualitee has achieved a Service Organization Control (SOC) 2 Type II certification, having gone through a rigorous independent audit. A SOC 2 Type II report focuses on a service organization’s security practices and controls over a specific period. Our successful audit shows how effective our controls are in protecting user data based on the Security Trust Principles established by the American Institute of Certified Public Accountants (AICPA).
ISO 27001 Certification
Kualitee has achieved ISO 27001 certification, a globally recognized standard for information security management systems (ISMS). This certification outlines a comprehensive framework for implementing and maintaining an effective information security program. By meeting these rigorous standards, Kualitee demonstrates its commitment to systematically managing information security risks and ensuring the highest levels of data protection for its clients. Our certified processes provide assurance that Kualitee prioritizes security in all aspects of our operations.