Security Policies

Security Policies at Querio

Querio is dedicated to achieving and maintaining the highest standard of data security and protection, as evidenced by our existing security measures and commitments. As we strive for SOC2 compliance, aligning with our core values and current security stance, we have a comprehensive set of policies that adhere to SOC2 Trust Service Criteria: security, privacy, confidentiality, processing integrity, and availability. These policies are adhered to during regular operations and undergo continuous review to ensure compliance.

Information Security Policy

Purpose

To define guidelines for protecting the confidentiality, integrity, and availability of information.

Scope

Applies to all software applications, employees, contractors, and third-party vendors.

Key Elements

Querio conducts regular auditing, monitoring, and reviewing of architecture, codebase, and logs. We execute internal vulnerability assessments with a dedicated response team. We adhere to privacy regulations, including CCPA and GDPR. We leverage secure infrastructure using AWS cloud services with AWS SOC3 Certification.

Access Control Policy

Purpose

To limit access to information to authorized personnel only.

Scope

All systems, applications, and data within Querio's infrastructure.

Key Elements

Querio employs role-based access control and follows the least privilege methodology. We regularly review and update access rights. We require strong, complex passwords and implement mandatory changes at defined intervals. We require employees to utilize multi-factor authentication (MFA) for all software.

Change Management Policy

Purpose

To safely implement changes without impacting the secure and stable environment.

Scope

All changes to IT systems, networks, and applications.

Key Elements

All code changes are reviewed for security implications. Application patches are applied regularly to mitigate vulnerabilities. We have defined roles and responsibilities for personnel involved in change management.

Incident Response Plan

Purpose

To effectively manage and respond to security breaches or incidents.

Scope

All security and privacy incidents affecting information systems and data.

Key Elements

Querio follows ISO27001-based security incident management processes. We have clearly defined incident response roles, responsibilities, and communication protocols. We have immediate containment procedures and subsequent investigation prototypes.

Risk Assessment Policy

Purpose

To identify and minimize risks related to the security and integrity of customer data.

Scope

All aspects of business operations, including people, processes, and technology.

Key Elements

Querio regularly performs risk analysis and updates the mitigation strategies. We leverage Snyk for weekly automatic vulnerability testing and reporting on our codebase. We have integrated security considerations into the Software Development Cycle. We conduct annual third-party Remote Penetration Tests.

Disaster Recovery and Business Continuity Plan

Purpose

To ensure continued operation and data integrity in case of a disaster.

Scope

All mission-critical operations and services.

Key Elements

Querio follows ISO27001-based disaster recovery and business continuity processes. We have defined data backup and recovery protocols. We have established clear communication plans and roles for disaster scenarios.

Data Privacy Policy

Purpose

To manage personal data with respect and in line with privacy regulations.

Scope

Collection, usage, retention, disclosure, and disposal of personal data.

Key Elements

Querio signs an explicit Data Processing Agreement (DPA) upon onboarding to formalize data protection commitments. A detailed and up-to-date Privacy Policy is publicly accessible on our website.

Vendor Management Policy

Purpose

To ensure third-party vendors meet Querio's security standards.

Scope

All sub-processors and vendors with access to Querio's data.

Key Elements

Querio requires sub-processors to adhere to robust security and privacy practices. We assess and monitor vendors' compliance regularly. We make sure to include provisions in contracts that enforce SOC2 compliance.

Employee Training and Awareness Programs

Purpose

To create a security-aware culture within the organization.

Scope

All employees within Querio.

Key Elements

Querio provides regular training on security, data protection laws, and organization-specific policies. We instill a clear understanding of individual roles in maintaining security.

Regular Audit and Monitoring Procedures

Purpose

To continuously validate the effectiveness of security policies and practices.

Scope

All systems and data under Querio's control.

Key Elements

Querio performs scheduled internal audits and reviews. We maintain strict monitoring systems to detect security events.

Physical Security Policy

Purpose

To protect physical resources and information.

Scope

Physical servers, data centers, and document storage areas.

Key Elements

As a remote-first company, we do not have any physical access requirements and all data is stored in the cloud with securely compliant providers. Querio employees are properly educated on their responsibility for safeguarding their hardware to prevent unauthorized use.

Leveraging both our ongoing commitment to exceptional security standards and our current security measures, Querio's security policies help to ensure a secure, reliable, and trusted environment for our partners and customers. We continue to evolve our security posture actively while working towards the industry-standard SOC2, ISO 27001, and ISO 9001 certifications.

For additional information about Querio's security, data or compliance policies and processes, please contact hello@querio.ai


Querio

Query, report and explore data at technical level.

2024 Querio Ltd. All rights reserved.
