Security
QMetrix is committed to ensuring the information entrusted to us is secure and protected.
Security overview
QMetrix’s Information Security Management System (ISMS) helps to protect the confidentiality and integrity of the information assets entrusted to us by our employees, clients and partners.
QMetrix’s Information Security Policies implement controls across the organisation, which impact our employees, the places we work and the technology we use.
QMetrix’s data security practices have been audited against the ISO/IEC 27001:2022 control framework by trusted audit firm, Sustainable Certification. It provides anyone working with us the added assurance that QMetrix complies with the world’s best-known standard for information security management systems.
Employee security
QMetrix performs background checks on all new employees and provides security training as part of the onboarding process. To maintain a high level of security awareness, we implement continuous security training that simulates real-world events. This training occurs throughout the year at ad-hoc intervals to assess and ensure that our employees can effectively recognise and successfully report potential attacks.
Security policies and controls
QMetrix’s ISMS ensures we follow best practices for securing the information assets entrusted to us. The ISMS is governed by an overarching information security framework that establishes the foundation for information security.
The ISMS maintains a set of policies and procedures that are reviewed and approved by QMetrix’s Information Security Committee. These policies include:
- Access Control
- IT Systems Operational Management
- Network Security
- Business Continuity Management
- Information Security Management
- System Acquisition and Development
- Human Resources Security
- Information Systems Acceptable Use
QMetrix’s ISMS adopts the following information security principles:
- A risk-based approach used to manage information security
- A ‘three lines of defence’ model
- The systems and processes used to manage information security are based on industry standards and guidelines
- The information security management system is reviewed and improved on an ongoing basis
- Multiple layers and types of security controls are implemented to provide defence-in-depth and control diversity
- Access to information and systems is denied by default
- Roles and responsibilities are allocated to enforce segregation of duties where practical
- Systems and processes are implemented to identify and control any incidents that occur
- A comprehensive suite of documentation is maintained. It defines how information security is managed, what security controls are required, and the roles and responsibilities for implementing and maintaining the controls
Management commitment
The Directors at QMetrix are committed to upholding information security. They do this through managing risk exposure by maintaining the security of information assets, complying with relevant legal and contractual requirements related to information security, and continually improving the information security management system.
As part of this, a range of security policies have been developed as outlined above. The Directors fully endorse the information security policies, communicate to staff that security is everyone’s responsibility, provide relevant training, and ensure that policies are implemented consistently throughout the organisation.
Cybersecurity insurance
QMetrix carries insurance coverage for cybersecurity.
ISO27001 certification
QMetrix’s data security practices have been audited against the ISO/IEC 27001:2022 control framework by trusted audit firm, Sustainable Certification, and have been issued a successful report. QMetrix’s certification can be viewed here.
The ISO/IEC 27001 certification is an internationally recognised standard for Information Security Management that emphasises stringent security measures to safeguard sensitive data, proactive risk management procedures to identify, assess and manage security risks, as well as continuous improvement to adapt to evolving threats. It promotes a holistic approach to information security by vetting people, policies and technology.
Achieving this certification demonstrates QMetrix’s continued commitment to information security at every level and ensures that the security of the data we hold is properly controlled in all areas of our organisation.
This page was last updated in August 2024.