Security & Compliance

Test data breaches can stall development cycles more than anything else. They expose secrets, block workflows, and disrupt everything in their path. Kualitee understands that. This is why we secure our testing environment, ensuring the confidentiality and integrity of all your information assets.

Kualitee Security Overview

When designing Kualitee, security was paramount. We implemented the best technologies and practices from the ground up so that you can ensure your test data remains safe. Our commitment extends beyond an initial investment; it evolves with new threats to provide the highest level of trust possible.

Access Control with Secure Data Storage

Groups for Access Controls

Kualitee provides fine-grained access rights management across different security groups, which can be used to regulate incoming or outgoing network traffic based on rules defined for that purpose. The groups therefore act not only as an identity verification mechanism but also as access control, restricting entry into areas for which privileges have not been granted.

Secure Relational Database Storage (SRDS)

To store its clients' data safely and efficiently, Kualitee uses Secure Relational Database Services (SRDS). These instances come with built-in protection mechanisms, such as encryption and access controls, that keep test data at rest secure.

Multi-Factor Authentication and Encryption Management

Principle of Least Privilege (PoLP) and Multi-Factor Authentication (MFA)

Our access management system enforces the PoLP, so users are given only the permissions necessary for their designated roles. This reduces the potential for misuse of access privileges. In addition, MFA strengthens the authentication process by requiring a secondary verification code for login attempts.

Encryption Key Management

Kualitee provides encryption key management capabilities that let you keep tight control over the encryption keys used to protect your data, adding an extra layer of security governance.

Secure Communication and Comprehensive Auditing

HTTPS Communication and AWS Certificate Manager

Kualitee uses a strong certificate management system, AWS Certificate Manager, to provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. This ensures encrypted communication (HTTPS) between your web browser and the Kualitee platform, protecting your data in transit.

Cloud Auditing with AWS CloudTrail

For detailed information about what is happening within the platform, Kualitee supports cloud auditing services such as AWS CloudTrail, which keeps track of every user activity together with API usage.

Proactive Threat Detection and Secure Development Practices

Regular Penetration Testing

Independent security experts carry out regular penetration testing on Kualitee. These penetration tests proactively identify and address potential vulnerabilities within Kualitee before they can be exploited by malicious actors.

Continuous Code Reviews and Static/Dynamic Code Analysis

Our development process incorporates continuous code reviews to ensure the implementation of secure coding practices. This is strengthened even more by employing a combination of static and dynamic code analysis tools to identify and remediate potential security weaknesses early in the development lifecycle.

Rigorous Access Management

Role-Based Access Control (RBAC)

Kualitee enforces RBAC to meticulously control user access to functionalities and data within the product. This ensures that users can only access data and functionalities relevant to their assigned roles, which reduces the risk of unauthorized access to sensitive data or information.

Disaster Recovery and Backups

Regular Backups

We maintain regular backups of your data using industry best practices. These backups ensure swift recovery in case of unforeseen circumstances that can lead to loss of data.

Disaster Recovery Plan

Kualitee maintains a disaster recovery plan to ensure that business remains ongoing and uninterrupted in the event of an outage or disruption. This plan includes the steps for prompt restoration of service and data, with reduced downtime and a swift return to regular operations.

Account Management with Clear Policies

Clear and well-defined policies define account management practices. These policies cover aspects such as account cancellation, user provisioning and deprovisioning, access control changes, and security patching procedures. Following these established protocols minimizes the risk associated with unauthorized access or configuration changes, keeping your data safe.

SOC 2 Compliance

Kualitee has achieved a Service Organization Control (SOC) 2 Type II certification, having gone through a rigorous independent audit. A SOC 2 Type II report focuses on a service organization’s security practices and controls over a specific period. Our successful audit shows how effective our controls are in protecting user data based on the Security Trust Principles established by the American Institute of Certified Public Accountants (AICPA).

ISO 27001 Certification

Kualitee is pursuing International Organization for Standardization (ISO) 27001 certification, a globally recognized standard for information security management systems (ISMS). ISO 27001 outlines a framework for implementing and maintaining a comprehensive information security program. Achieving this certification demonstrates Kualitee’s commitment to systematic management of information security risks.