Privacy Policy

For us at Qentelli, your security and privacy are of utmost priority. Our dedicated team works diligently to safeguard your data and trust. We want you to feel secure and carefree while working with Qentelli, as we guarantee that your data is in safe hands. This page outlines some ways Qentelli safeguards your information when you interact with our Cloud product — The Engineering Dashboard (TED). Qentelli’s comprehensive information security program addresses policies, processes, people, and technologies to ensure we protect your personal data in accordance with applicable laws and our data privacy policies.

 

TED Architecture

TED offers near real-time multi-source metrics dashboards for each product value stream with no scripting and workflow disruption. TED connects to the software development-related tools and other information sources (as configured by the Customer) to collect the data required for value stream metrics analysis.

TED is a SaaS application with a multi-tenant architecture.

TED page: https://www.qentelli.com/ted

image1

Infrastructure Security

Qentelli uses the Amazon AWS IaaS platform for secure hosting infrastructure. Amazon AWS is a premier infrastructure-as-a-service provider with extensive security certifications and audited controls. For details on AWS certifications and accreditation, please visit https://aws.amazon.com/security/.

Qentelli has established a dedicated environment for our Cloud hosting that is secured and separate from corporate network. Qentelli applies strict access control & enforced a restricted entry to our production Cloud environment, allowing only select Qentelli personnel to access on a need-to-know basis. Moreover, access is through multi-factor authentication mechanisms. In addition, our personnel undergo rigorous background checks and are bound by non-disclosure agreements

 

Data Security

Qentelli encrypts customer information while at rest and uses HTTPs while transmitting over the Internet. All browser connections are encrypted using TLS. All connections of on-prem TED Agent (if used) to the TED Cloud backend are encrypted using TLS.

All data at rest is encrypted using standard AWS capabilities. Security critical information, such as repository credentials, is additionally encrypted in the database using per-customer keys.

Qentelli enforces logical segregation for each customer’s data within our environment. Qentelli maintains strict controls over access to our customer data. We will only access specific customer data if it is required to provide the service (for example, if the customer opens a support ticket and Qentelli needs such access to resolve it).

 

Business Endurance

Qentelli's Cloud architecture is resilient and aligns with our service level targets. Qentelli has established data backup and restore procedures that are tested regularly.

 

Effective SDLC

Qentelli has adopted robust secure development practices based on industry standards. We provide our engineers with regular security training and perform security code reviews.

Qentelli has implemented extensive automated testing to maintain the ongoing quality of our service.

Qentelli employs static and dynamic code scanning as part of our development process to proactively identify potential security issues. All scan results are reviewed, triaged, and appropriately resolved if deemed applicable.

 

Security Testing

Qentelli has established several security testing processes. Qentelli conducts regular vulnerability scanning using commercially available and open-source tools.

Qentelli also conducts penetration testing through a third-party partner on an annual basis.

Any issues identified through vulnerability scanning and penetration testing are resolved promptly, as per the assessed risk level.

 

Secure Operations

Qentelli maintains a Security Incident Response Plan (SIRP) that defines our process to deal with security issues. Our SIRP establishes roles and responsibilities during a security incident, escalation paths and requirements, and customer notification requirements.

Qentelli keeps the plan up-to-date, conducts regular reviews and incident simulation sessions, and ensures relevant staff is trained at regular intervals.

 

Certifications and Compliance

Qentelli monitors the regulatory environment and ensures Qentelli is compliant with all applicable regulatory requirements and standards. In particular, we have analyzed our services and implemented appropriate technological and organizational measures to comply with GDPR.

TED Cloud infrastructure is hosted in Amazon AWS in data centers that are SOC2, ISO 27001, ISO 27017, and ISO 27018 certified. You can find more information about AWS compliance and certifications here: https://aws.amazon.com/compliance/programs/

 

Supplier Audits

To be able to provide top-tier service, we employ several providers (suppliers), such as Amazon AWS. To ensure our supply chain is up to our standards with regard to security, Qentelli proactively monitors our suppliers’ security stance on an ongoing basis.

 

Customer Responsibilities

As our customer, you also play an important role in securing your information.

While Qentelli is responsible for providing you with a secure platform, you are responsible for using the platform in a secure manner. In particular:

image2
  • You must ensure that you have industry standard user management processes to secure access to TED. This process should include de-provisioning access when no longer needed.
  • You must ensure that your users maintain appropriate password security. As with any Internet-based service, the security of your user accounts is vital. We in turn help by enforcing a minimum password length of 12 characters.
  • When connecting the TED application to your repositories, you must ensure that you do so in accordance with your company's security policies. This would usually include:
    • Enabling encryption for all of your repository connections.
    • Provisioning service accounts in your repositories that are dedicated to TED have strong passwords and are configured following the principle of least privilege and in accordance with minimal permissions as documented in our Connector Documentation.