Trust Center | Questionmark

Trust Center

Our Commitment to Security

We appreciate how critical security and reliability are to both to our success and yours. In a world where data breaches and requests for access to personal data are regular occurrences, it is essential that you choose an assessment service provider that considers the protection and privacy of your data a priority. Questionmark is committed to the highest levels of trust, transparency, and compliance. Please reach out to us at info@questionmark.com to get more information. We look forward to building your trust and working with you to secure your data.

Compliance with International Standards

Get the assurance you need. Our technologies and processes meet the latest compliance and security standards through external reviews and audits.

ISO 27001

BSI ISO 27001
ISO 27001 is the most widely recognized information security standard in the world and was awarded after in-depth assessment by a third-party accredited team of auditors. It recognizes companies for establishing, implementing, maintaining and continuously improving their Information Security Management System (ISMS).     
 View ISO 27001:2013 Certificate

GDPR

GDPR
The General Data Protection Regulation (or GDPR) is a new a European privacy law that imposes rules on organizations that store or manage data tied to EU residents. Questionmark is committed to GDPR compliance across our OnDemand services when enforcement begins May 25, 2018 and will provide GDPR guidance and related assurances within contracts and documentation to help customers be compliant.

Privacy Shield

Privacy Shield
The EU-U.S. and Swiss-U.S. Privacy Shield frameworks provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the EU to the US in support of transatlantic commerce.
View Certification Confirmation

HIPAA

HIPAA
Questionmark's US OnDemand service is comitted to the Health Insurance Portability and Accountability Act (HIPAA) which sets the standard for dealing with protected health information (PHI) and ensures physical, network, and process security measures are in place and followed.
View Business Associate Agreement

FERPA

FERPA

FERPA is a US federal law protecting the privacy of student information. Questionmark's US OnDemand service offers contract terms that include specific FERPA commitments and allows customers to administer assessments and store data in compliance with FERPA.

Product Security

You need the confidence that your assessments are getting valid, reliable and defensible results. We've built security into our products from day one and continuously strengthen and improve security features across our assessment management system.

Secure locked-down browser

Significantly minimise the risk of cheating and content theft
Secure Assessments Systems

Online Proctoring

Provide a secure, flexible and cost-effective alternative to test centers
Online Proctoring

Roles-based Access

Ensure your assessment administrators only see what you permit them to see
SMEs

Single sign-on using SAML

Provide users with streamlined access, simplify administration and strengthen security

SAML ICON

Define Password Policies

Create custom password policies that vary by role, tailored to your organizations internal policies
Password policies

Learn more about Questionmark OnDemand

Service Security and Transparency

Questionmark operates a trustable, scalable and robust OnDemand Service for managing, delivering and reporting on assessments. Questionmark’s OnDemand Service contains multiple layers of security, including physical safeguards, access control, environmental management and uninterruptible power supply, and is protected by firewalls to appropriately restrict access.

Access Control & Physical Security

  • Our infrastructure is hosted in two secure state-of-the-art data centers: one in North America and one in Europe
  • Every data center has 24-hour manned security, and access is restricted to select personnel with appropriate identification
  • Video surveillance, motion detectors and intruder alarms are located throughout each facility
  • Redundant power grid connections, batteries, multiple generators, tier-one internet connections and secure off-site backups

Network Protection

  • Internet traffic in and out of the data center is encrypted using TLS
  • An Intrusion Detection System (IDS) monitors network traffic and finds malicious attacks before they occur
  • Each server in the various tiers is protected by a host-level firewall
  • A Bastion Host is used to allow system maintenance without damaging system security or integrity
  • Antivirus technology is used and updated on a regular basis

Application Monitoring and Transparency

Servers are continuously monitored for downtime and designed to notify the Network Operations Center for action to be taken immediately. The service is monitored from around the world to track performance and connect, processing and transfer times. We believe in transparency. Questionmark is willing to provide penetration test results for customers under NDA. For up-to-date details about the status of the OnDemand service, please refer to: status.questionmark.com


US Patriot Act

Questionmark’s European OnDemand service is run is run by a European company using an EU owned data center and is therefore resistant to legal action within the US, such as under the Patriot Act.

People Security

Systems and processes are only as secure as the people who manage them. That's why security is embedded into Questionmark's company culture.

  • Independent background checks are carried out on every employee
  • Dedicated security team that reports directly to a board member to provide independence from operations
  • Employees are required to log on with two-factor authentication for key systems of record
  • Regular employee training and assessments are given on data security
  • Regular phishing tests are administered to check and optimize employee awareness

Global Partnerships

Questionmark have long established partnerships with two of the worlds technology leaders.

SAP

Microsoft

MS partner