Security at Qohash

Data security is at the heart of Qohash’s mission: our customers trust us with their most sensitive information. We build security into every part of our business so you can rest assured that your data is safeguarded.

Compliance program

SOC 2 Type 2

SOC 2 is an audit report from the AICPA that focuses on controls relevant to security, availability, and confidentiality at a service organization. Our SOC 3 report is also available.

Available upon request – ask our sales team for details.

ISO 27001

ISO 27001 is a global standard for managing information security, ensuring organizations systematically protect their sensitive information.

Available upon request – ask our sales team for details.

ISO 27701

ISO 27701 is an extension of ISO 27001 specializing in privacy management (PII handling and GDPR compliance).

Available upon request – ask our sales team for details.

ISO 42001

ISO 42001 is an international standard that specifies requirements for establishing, implementing, and maintaining an AI Management System (AIMS).

Available upon request – ask our sales team for details.

Security by design

Bring Your Own Encryption (BYOK)

Qostodian tracks data, not files. Data is identified by its hash, and none of it leaves your premises without being encrypted using keys that only you control.

Tenant isolation

Your data and resources are completely separated from other customers in every data store. We prioritize strong isolation to ensure the protection of your data, reducing any risk of unauthorized access or disruption from other tenants.

Single Sign-On (SSO)

Every tier includes SSO access, allowing users to log in using their existing corporate identity. Multi-factor authentication (MFA) is always enforced.

Role-Based Access Control (RBAC)

RBAC allows access levels to be based on specific roles, ensuring users have the appropriate permissions for their responsibilities. Qostodian also offers the ability to create custom roles, helping you to align with the principle of least privilege.

Directory integration with automatic synchronization

Qostodian simplifies user management by integrating with Azure Active Directory (AD). User identities are synchronized, reducing the administrative burden of removing inactive users.

IP whitelisting

Access to each tenant on the platform is always restricted to a list of known IP addresses, helping you to reduce your attack surface and prevent unauthorized access.

Audit trails

Comprehensive activity logs capture sensor management, administrative, and platform configuration changes. By default, these logs are protected against deletion to ensure non-repudiation. You can easily retrieve audited events from a GraphQL API for integration with your log management tools.

Strong security for peace of mind

Qohash secures its own operations through a standards-based framework covering development, deployment, and maintenance, backed by continuous investment in industry-leading practices and team training.

A security culture

Qohash prioritizes resilience as a core value, fostering a culture of awareness, responsibility, and vigilance among all team members. We promote security best practices and ensure that security considerations are embedded in every aspect of our operations.

DevSecOps

We follow a robust DevSecOps approach, integrating security practices into the entire software development lifecycle. This enables us to identify and address security vulnerabilities early on, reducing the risk of potential threats and ensuring the security of our product.

External verification

To ensure the effectiveness of our security measures, we engage in regular external verification processes. We collaborate with independent security auditors and experts who evaluate our systems, processes, and controls to validate the security of the platform.

Continual improvement

Qohash is committed to a process of continual improvement to enhance the security of our products and maintain a proactive stance against emerging threats. We regularly assess our security practices, conduct risk assessments, and stay up to date with the latest security trends to ensure that our customers’ data and systems remain protected.
