BEST PRACTICES

Incident Response Plan

  • When security events are detected they are escalated to our emergency team who are notified and assembled to rapidly address the event.

  • We notify affected customer(s) as soon as possible

  • After a security event is fixed we write up a post-mortem analysis.

  • The analysis is reviewed in person, distributed across the company and includes action items that will make the detection and prevention of a similar event easier in the future.

Build Process Automation

  • We have functioning, frequently used automation in place so that we can safely and reliably rollout changes to both our application and operating platform within minutes.

  • We deploy code every 2 weeks on average, and we can also deploy hotfixes in minutes, so we are confident that we can get a security fix out quickly when required.



INFRASTRUCTURE

  • All of our services run in the cloud. Qondor does not run our own routers, load balancers, DNS servers or physical servers.

  • All services and data are hosted in Microsoft Azure facilities in Ireland (within EU), and services have been built with disaster recovery in mind. Read more around Microsoft Azure Security at https://www.microsoft.com/en-us/trustcenter

  • All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.

  • Qondor uses Microsoft Azure backup solution, keeping 30 days of historical backup data. 



DATA



DATA TRANSFER

  • All data sent to or from Qondor is encrypted in transit using 256 bit encryption.



APPLICATION MONITORING

  • On an application level, we produce audit logs for most activity.

ACCESS CONTROL


GDPR COMPLIANCE

We are committed to supporting our customers in complying with the General Data Protection Regulation (GDPR): 

We're closely following the developing interpretations and guidelines on key provisions of the GDPR from the EU Article 29 Working Party and are adapting our plans accordingly.


PCI OBLIGATIONS

Qondor is not subject to PCI obligations. All payment instrument processing is outsourced to Stripe and Nets.

Did this answer your question?