Our Commitment to Security and Reliability
QuestSoft understands that certain compliance solutions are better deployed as a service. Compliance EAGLE,
QuestSoft’s flagship automated compliance platform, is delivered as a service from an enterprise-grade SSAE 18 Type 2 SOC 1 audited datacenter, exceeding the stringent standards for security and operations that Sarbanes-Oxley, HIPAA,
Gramm-Leach-Bliley and other regulations require.
SSAE 18 is an attestation standard issued by the American Institute of Certified Public Accountants for Service Organizations that reports on data center controls supporting the services provided to customers, designed to provide reasonable assurance that a given risk will be mitigated or detected in a timely manner to preclude service interruption, financial misstatement, or any other negatively perceived impact.
Our focus on mission-critical security and reliability demands that our servers reside in a data center that provides network security and bandwidth-neutral network connectivity.
Our data center is . . .
- 26 stories; 480,000 (sq. ft.)
- Outside 100-year flood plain
- Seismic Zone 1
- Utility Power Capacity: 4500 (kW)
- UPS Power Capacity: 1450 (kW)
- UPS Redundancy: N-N+1
- Power Density: 80-125 (W/sq. ft.)
- DC Power Capacity: 200 (kW)
- Generator Power Capacity: 3890 (kW)
- Generator Redundancy: N - N+1
- Cooling Redundancy: N+1
- 24 x 365 security staff
- Card key and biometric access control
- Digital video monitoring and recording
- SSAE 18 Type 2 SOC 1 Compliant
We maintain physical, electronic and procedural safeguards that comply with federal standards to secure your non-public personal information. We only grant access to nonpublic, personally identifiable information about our customers to employees of QuestSoft, its affiliates, and third party service providers contracted to assist in the servicing of your accounts. All third party service providers are required to maintain the confidentiality of your information. We will only disclose this information as permitted or compelled to do so by law.
QuestSoft Products and SSAE 18
Compliance EAGLE is considered software-as-a-service
and is delivered from our SSAE 18 Type II audited datacenter.
Instant Geocoder is typically installed as a desktop application, but may be run as software-as-a-service delivered from our SSAE 18 Type II audited datacenter.
Compliance RELIEF is not a hosted application and no data is automatically shared with QuestSoft. As a result, no SSAE certification is needed nor available.
Desktop VERIFY is not a hosted application and no data is automatically shared with QuestSoft. As a result, no SSAE certification is needed nor available.
Web VERIFY is considered software-as-a-service and is delivered from our SSAE 18 Type II audited datacenter.
Transferring a File
Our Secure File Transfer Area is the best way to send us a file. Our forms take advantage of Transport Layer Security to ensure your data is secure over the network.
TLS security measures include:
- Protection against a downgrade of the protocol.
- Numbering subsequent Application records with a sequence number and using this sequence number in the message authentication codes/
- Using a message digest enhanced with a key.
- The message that ends the handshake ("Finished") sends a hash of all the exchanged handshake messages seen by both parties.
- The pseudorandom function splits the input data in half and processes each one with a different hashing algorithm This provides protection even if one of these algorithms is found to be vulnerable.