For us at Qentelli, your security and privacy are of utmost priority. Our dedicated team works diligently to safeguard your data and trust. We want you to feel secure and carefree while working with Qentelli, as we guarantee that your data is in safe hands. This page outlines some ways Qentelli safeguards your information when you interact with our Cloud product — The Engineering Dashboard (TED). Qentelli’s comprehensive information security program addresses policies, processes, people, and technologies to ensure we protect your personal data in accordance with applicable laws and our data privacy policies.
TED offers near real-time multi-source metrics dashboards for each product value stream with no scripting and workflow disruption. TED connects to the software development-related tools and other information sources (as configured by the Customer) to collect the data required for value stream metrics analysis.
TED is a SaaS application with a multi-tenant architecture.
TED page: https://www.qentelli.com/ted
Qentelli uses the Amazon AWS IaaS platform for secure hosting infrastructure. Amazon AWS is a premier infrastructure-as-a-service provider with extensive security certifications and audited controls. For details on AWS certifications and accreditation, please visit https://aws.amazon.com/security/.
Qentelli has established a dedicated environment for our Cloud hosting that is secured and separate from corporate network. Qentelli applies strict access control & enforced a restricted entry to our production Cloud environment, allowing only select Qentelli personnel to access on a need-to-know basis. Moreover, access is through multi-factor authentication mechanisms. In addition, our personnel undergo rigorous background checks and are bound by non-disclosure agreements
Qentelli encrypts customer information while at rest and uses HTTPs while transmitting over the Internet. All browser connections are encrypted using TLS. All connections of on-prem TED Agent (if used) to the TED Cloud backend are encrypted using TLS.
All data at rest is encrypted using standard AWS capabilities. Security critical information, such as repository credentials, is additionally encrypted in the database using per-customer keys.
Qentelli enforces logical segregation for each customer’s data within our environment. Qentelli maintains strict controls over access to our customer data. We will only access specific customer data if it is required to provide the service (for example, if the customer opens a support ticket and Qentelli needs such access to resolve it).
Qentelli's Cloud architecture is resilient and aligns with our service level targets. Qentelli has established data backup and restore procedures that are tested regularly.
Qentelli has adopted robust secure development practices based on industry standards. We provide our engineers with regular security training and perform security code reviews.
Qentelli has implemented extensive automated testing to maintain the ongoing quality of our service.
Qentelli employs static and dynamic code scanning as part of our development process to proactively identify potential security issues. All scan results are reviewed, triaged, and appropriately resolved if deemed applicable.
Qentelli has established several security testing processes. Qentelli conducts regular vulnerability scanning using commercially available and open-source tools.
Qentelli also conducts penetration testing through a third-party partner on an annual basis.
Any issues identified through vulnerability scanning and penetration testing are resolved promptly, as per the assessed risk level.
Qentelli maintains a Security Incident Response Plan (SIRP) that defines our process to deal with security issues. Our SIRP establishes roles and responsibilities during a security incident, escalation paths and requirements, and customer notification requirements.
Qentelli keeps the plan up-to-date, conducts regular reviews and incident simulation sessions, and ensures relevant staff is trained at regular intervals.
Certifications and Compliance
Qentelli monitors the regulatory environment and ensures Qentelli is compliant with all applicable regulatory requirements and standards. In particular, we have analyzed our services and implemented appropriate technological and organizational measures to comply with GDPR.
TED Cloud infrastructure is hosted in Amazon AWS in data centers that are SOC2, ISO 27001, ISO 27017, and ISO 27018 certified. You can find more information about AWS compliance and certifications here: https://aws.amazon.com/compliance/programs/
To be able to provide top-tier service, we employ several providers (suppliers), such as Amazon AWS. To ensure our supply chain is up to our standards with regard to security, Qentelli proactively monitors our suppliers’ security stance on an ongoing basis.
As our customer, you also play an important role in securing your information.
While Qentelli is responsible for providing you with a secure platform, you are responsible for using the platform in a secure manner. In particular: