
Keeping the platform secure and protecting data

We appreciate how critical security and reliability are to both our success and yours.

In a world where data breaches and requests for access to personal data are regular occurrences, it is essential that you choose an assessment service provider that considers the protection and privacy of your data a priority. Questionmark is committed to the highest levels of trust, transparency, and compliance.

We are fully compliant with ISO 27001, the most widely recognized information security standard in the world. Questionmark was accredited after an in-depth assessment by external, accredited auditors. The standard recognizes companies for establishing, implementing, maintaining and continually improving their Information Security Management System (ISMS).

We have also completed the Cloud Security Alliance (CSA) STAR (Security, Trust and Assurance Registry) assessment. The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing. CSA’s Security, Trust and Assurance Registry (STAR) is an industry-leading program for providing assurance and validation that a participant is following security best practices for cloud providers.

Questionmark operates a trustable, scalable and robust OnDemand Service for managing, delivering and reporting on assessments. Questionmark’s OnDemand Service contains multiple layers of security, including physical safeguards, access control, environmental management and uninterruptible power supply, and is protected by firewalls to appropriately restrict access.

Access Control & Physical Security

  • Our infrastructure is hosted in two secure state-of-the-art data centers: one in North America and one in Europe
  • Every data center has 24-hour manned security, and access is restricted to select personnel with appropriate identification
  • Video surveillance, motion detectors and intruder alarms are located throughout each facility
  • Redundant power grid connections, batteries, multiple generators, tier-one internet connections and secure off-site backups

Network Protection

  • Internet traffic in and out of the data center is encrypted using TLS
  • An Intrusion Detection System (IDS) monitors network traffic and finds malicious attacks before they occur
  • Each server in the various tiers is protected by a host-level firewall
  • A Bastion Host is used to allow system maintenance without damaging system security or integrity
  • Antivirus technology is used and updated on a regular basis

Application Monitoring and Transparency

Servers are continuously monitored for downtime and designed to notify the Network Operations Center for action to be taken immediately. The service is monitored from around the world to track performance and connect, processing and transfer times. We believe in transparency. Questionmark is willing to provide penetration test results for customers under NDA.

US Patriot Act

Questionmark’s European OnDemand service is run by a European company using an EU-owned data center and is therefore resistant to legal action within the US, such as under the Patriot Act. See our trust page, the Trust Center, for a fuller explanation of our security measures.