At Qudini, security, availability and personal data protection are our top priority.
Here are the processes we’ve put in place across our software solutions:
Qudini takes information security incredibly seriously and is ISO27001 certified. A robust set of company policies and procedures ensures maximum information security.
Qudini undertakes regular penetration testing with CREST-accredited suppliers. CREST is a top-tier security standard; learn more here.
The Qudini platform uses role-based password authentication (with strong password standards), and even enables our head office user to control permissions across their users.
Firewalls protect all of our core systems and our application database and ensure they are not directly accessible from the internet.
The Qudini database has encryption at rest. Access to our server infrastructure is provided only on a need-to-know basis, and those with access require a combination of two-factor authentication and key-based authentication.
Automated performance monitoring, vulnerability scanning and centralised log management are used to monitor our system for vulnerabilities and suspicious activity. Automated alerts are in place to inform the Qudini IT team of any issues by email/push notifications. In the event of any issues, security patches are prioritised.
Qudini employees are essential handlers of information within the business. All employees joining the company are processed through essential background checks including reference checks, identity checks, right to work checks and basic criminal record checks, with higher levels of checks for senior roles.
The Qudini organisation has a complete and robust set of policies and procedures that ensure continued information security, legal compliance and business continuity to support our clients.
The Qudini system is hosted on the Amazon Web Services (AWS) platform. This provides managed infrastructure and allows us to deploy instances of our software in multiple locations around the world, enabling us to direct our client business locations to the nearest server for high availability within their opening hours.
The Qudini platform is hosted using AWS on servers within at least three different availability zones. This ensures continuity in the event of an AWS region outage.
Our platform uses Autoscaling. This enables us to automatically monitor load and performance and, during periods of high usage, to automatically scale our software to new AWS servers without our clients experiencing any impact from the high load on the initial servers.
Qudini uses well-known, solid programming languages and frameworks to build our software.
Uptime is an essential KPI to Qudini. We ensure our clients are provided with at least 99.5% uptime during their business hours. In a given month, uptime rarely falls below 99.9%. Our clients are even provided with uptime reports.
Qudini automatically handles backups for you. This ensures you never lose any data. Your data is live replicated to multiple availability zones within a region, and nightly snapshots are taken to ensure the ability to recover to a point in time.
Qudini works to ensure that our software can be accessed on any hardware device with native apps for iOS, Android and Windows and we support all core browser types (Internet Explorer, Firefox, Chrome and Safari) for as long as Microsoft do. This ensures our clients can deploy and support Qudini with their chosen hardware strategies.
Qudini offers two hosting options to our clients. 1) Hosting on our shared server environment is ideal for hosting a smaller number of stores. 2) Hosting via a Virtual Private Cloud (VPC) solution. This enables larger clients more control over their releases, performance and security options.
Learn more about our hosting options here.
Qudini prioritise resolving any issues experienced by our clients. Issues are prioritised based on impact. Priority 1 issues are responded to within 1 hour and resolved within 4 hours.
The Qudini support team are essential to ensuring that our clients are able to access and use the system to the best of its abilities. Our support team are highly proactive and dedicated to supporting our clients’ issues at the agreed support times.
Qudini as an organisation is compliant with the standards of GDPR. We work continuously with our legal advisors and Data Protection Officer to ensure that our handling of personal data is GDPR compliant and compliant with the ePrivacy Directive.
We consult our clients proactively to support their GDPR compliance when using our software and have created a useful guide which can be found online here.
For clients using our software, we act as a data processor. All customer, employee and operational data captured within our platform is the property of our clients as the Data Controller, and is processed based on their instructions.
In general and when it comes to data processing, we always choose highly credible and robust suppliers who are GDPR compliant and, ideally, ISO27001 accredited.
The list of sub-processors processing personal data on our behalf can be found here.