To help protect your data, Questline and the Engage platform provide many features that allow you to implement the security plans and procedures required by your utility. We’ve worked hard to utilize the latest technologies and put policies in place to ensure we are adhering to industry-leading data security procedures.
- The Questline production environment runs on top of Amazon Web Services (AWS - https://aws.amazon.com/security/) and adheres to industry-standard best practices regarding security in the cloud. Production system and database access is limited to select IPs within the Questline home office and is secured with MFA (multi-factor authentication) restricted to a very small group of Questline systems personnel.
- Questline performs annual application vulnerability assessments.
- All Questline data is encrypted at rest using file/block-level encryption (enabling compliance with HIPAA-HITECH, PCI-DSS, FISMA, EU Data Protection Directive and other data security regulations), with cryptographic keys stored separately along with a broad range of policies for object authorization, expiration, revocation, and retrieval limits.
- Questline holds a 10mm Cyber Insurance policy against data theft/data breaches.
- Questline underwent SOC2 review in 2015 and again in 2017. This review focused on security, availability and confidentiality.
- All Questline applications are secured using industry-standard 2048-bit SSL encryption.
- Questline maintains documented policies and procedures regarding IT best practices, e.g. Data Retention Policy, Asset Classification, Removable Media Policy, BYOD, Disaster Recovery, Business Continuity, etc.
- All Questline Security Policies and Procedures are reviewed and signed off on by the Questline Security Team annually.
- All Questline employees are required to go through security awareness training on an annual basis.
- Questline has been audited by many client utilities. These audits include custom security reviews as well as ISO 27001 reviews.
Specific security features in Engage also provide a safe environment for your data.
- Password strength requirements and intrusion detection – Engage enforces minimum password requirements and automatically monitors failed login attempts to prevent unauthorized access to your data.
- Roles and function permissions – These ensure that users from your utility are assigned appropriate roles so they can access only the functionality required to perform their assigned tasks.
- Secure data transfers – Engage utilizes the secure FTP and data import/export features to transfer sensitive customer and behavioral data between Engage and your systems.
What Is Required Of You
But remember, data protection requires you to be conscientious and adhere to these best practices in handling your data.
- Assign a complex password to your Engage account and don’t utilize that password for other online services.
- Log off or lock your workstation whenever you are away from your desk.
- Do not email or IM sensitive data files. These are not secure methods of transmitting data.
- Delete files from ALL locations (hard drive and network drive) when no longer needed. Do not hold on to old lists or reports that contain personal information. Empty your computer’s recycle bin after deleting.
- Do not remove or alter your computer’s antivirus and firewall application settings.