In today’s digital age, information security isn’t just an IT concern – it’s the foundation of a successful business. With the increasing reliance on digital systems, companies are vulnerable to threats such as hacking, phishing, and ransomware.
From a customer’s perspective, information security vital because they often rely on the SaaS provider’s platform to store, process, and manage sensitive information. Strong security practices ensure that their data remains safe, fostering trust in the SaaS provider and assuring business continuity and reliability.
According to Gartner, information security is a top concern for software buyers and 46% of buyers who made a recent software purchase, selected the provider because of their security certifications, reputation, or data privacy practices.
We sat down with our Chief Information Security Officer (CISO), Martin Karlsson, to discuss the security practices that Quinyx is doing. In this blog article, Martin answers some of the most frequently asked questions we receive from our customers when it comes to information security and how we protect their data.
We have a lot of policies in place and are updating them on a yearly basis. The plan for this year is to develop an entirely new policy package. The active policies are shown in the picture below.
We are ISO 27001 certified and are currently working on getting our SOC 2 Type 2 report. These certifications demonstrate our commitment to best practices in security and give our customers confidence in our data handling protocols.
We securely host most of our data in Amazon’s data center in Frankfurt, Germany. We chose this location for its superior security infrastructure. Amazon employs highly trained personnel and implements rigorous security measures, ensuring your data is protected around the clock.
We do a lot of activities to improve our internal information security. This includes security training, phishing campaigns, and internal seminars. I also attend external seminars where I get to speak to CISOs from other companies and learn what other companies are doing for their information security.
AI has been widely adopted by organizations, but it’s also being exploited by threat actors. For instance, AI is being employed by malicious actors to mimic voices and faces. At the same time, we’re seeing a significant rise in investment in information security across businesses, reflected in the growing volume of security questionnaires and certification requirements, such as ISO 27001 and SOC 2.
A good security measure is to always verify the source by calling up the person or talking to them face to face. When using AI, especially publicly available large language models (LLMs) like ChatGPT, treat the information you input as you would when posting on social media. If sharing the information publicly would not compromise anything, then it is generally safe to use a public LLM.
In conclusion, information security is a top priority for both Quinyx and our customers, especially in today’s fast-evolving digital landscape. By maintaining rigorous security certifications like ISO 27001, working towards SOC 2, and hosting data securely with trusted providers like Amazon, we ensure that our customers' data is protected at every level. At Quinyx, we are committed to delivering the highest level of security to earn and maintain the trust of our customers.
You can read more about the data privacy and security practices that Quinyx is doing here.