Quantify IP Cloud Services

[ Log In ]

Cloud Services Security


Quantify IP is committed to data security and customer privacy. Quantify IP’s Cloud Services utilize a hosting provider who shares this commitment. LiquidWeb hosts QIP’s Cloud Services website as well as application software and data servers, as well as the Dashboard data server and website.

The scope of this page covers the Quantify IP Cloud Services applications, data, and the Dashboard.

Architecture

The Cloud Services website (ras.quantifyip.com), hosted by LiquidWeb, provides a user interface with access to the Quantify IP hosted applications, such as Portfolio Estimator, Portfolio Estimator Trademarks and the Dashboard. Each customer assigns an internal administrative manager to create and maintain individual user accounts, thus controlling password protected access to the data.

If using one of these hosted applications, this site also becomes the gateway to retrieve reports produced within the PE applications. Additionally, this login is used when uploading new data to the Dashboard from PE, whether from the cloud or desktop application.

The Application server(s) store the hosted PE applications, along with independent Access Databases containing the imported and/or manually entered docketing data and custom user settings. These folders are under strict user level security, and are labeled using a numeric coding system to maintain anonymity. Access to the information stored on these servers is only available to authorized users for each company via the published applications and the report repository. End users do not have desktop access to these servers, and reports can only be retrieved by downloading them from the Cloud Services portal.

This structure enables folder level security, allowing each company to control their own access using the Cloud Services website, account administration. The Application server(s) are only available to authorized QIP Administrators for setup and maintenance.

The SQL Database server(s) are the backend SQL data storage for the Dashboard. When a user ‘Uploads’ data from the Portfolio Estimator Reports/Dashboard menu, a unique, numerically named database is created or updated. The uploaded fields have been carefully selected to minimize exposure, while not compromising reporting results. Besides authorized QIP administrators, only the customer’s Manager User account defined on the Cloud Services website has permissions on that database, and authentication to these servers is necessary to perform the ‘Upload’ function.

The Dashboard utilizes data uploaded from the Portfolio Estimator to the SQL Database server(s). This framework uses a dynamic link to each company’s unique SQL database. These dashboards are labeled using an internally created numbering schema to maintain anonymity. As an extra layer of protection, this frame/data is published and only accessible via the Cloud Services website for authorized users who are setup under the primary company account.

Security Policies

In addition to those of our partners, Quantify IP maintains an internal Information Security Policy and Risk Assessment Policy. The policies are updated and reviewed with employees on at least an annual basis.

LiquidWeb provides a SOC 2 SSAE 16 and SOC 3 reports. Certifications are available at https://www.liquidweb.com/about-us/policies/certifications.

Partner Service Levels

LiquidWeb has an SLA for 100% network and power uptime. More information is available at https://www.liquidweb.com/support.

Privacy

Quantify IP, along with our partners, are compliant with the EU General Data Protection Regulation.

Quantify IP Privacy Policy: https://www.quantifyip.com/quantify-ip/legal/privacy-policy.aspx

Liquid Web Privacy Policy: https://www.liquidweb.com/about-us/policies/privacy-policy

Access Control

Quantify IP grants access on a need to know basis of least privilege rules, reviews permissions quarterly, and revokes access immediately after employee termination. Access to system and application components are limited to only those users whose job requires such access.

Highly-sensitive duties and areas of responsibility are segregated to reduce opportunities for unauthorized modification, fraud, or misuse of assets.

Multi-factor authentication is required for employee remote access to internal systems.

Hosting providers are restricted from access to Quantify IP data.

Vulnerability Testing

Vulnerability assessments, scans and penetration tests are performed by Quantify IP at least annually on both internal and external networks and services.

LiquidWeb conducts quarterly internal vulnerability assessments and external network assessments. See Network Security at https://www.liquidweb.com/wp-content/uploads/2018/05/Liquid-Web_SOC-3_Final.pdf.

A plan is in place to remediate all issues that were ranked Critical or High within 90 days.

Event and Communications Management

An Incident Management process is utilized to investigate and track identified and reported security issues to resolution.

A Change Management process ensures a review for potential security impacts when changes are made.

Internal Data Security

Internally, Quantify IP utilizes multilayered end point security as well as a firewall and SMTP and DNS filtering. A network intrusion detection/prevention system and audit logging is in place, and detected issues enter into the Incident Management process.

All servers and workstations are backed up according to a specified schedule, and back up data is securely stored off-site. Disaster recovery testing is conducted to ensure proper restoration.

Client data is encrypted in storage and transmitted to cloud services using industry-standard SSL/TLS encryption for data in transfer.

Remote users connect to Quantify IP resources using SSL/TLS and AES-256 encryption.

Critical security patches are evaluated and applied with one month of issuance.

Encryption keys are stored and managed in a central location, separate from the data it encrypts.

A data destruction and disposal program is in place to ensure data protection at the time of system retirement.

Physical Security

In addition to those of our hosting providers, Quantify IP maintains a documented internal physical security policy that is approved by management and communicated to employees.