Compliance & Security Safeguards

Quantum Whisper Security, Compliance and Reliability Safeguards

Quantum is a "born in the cloud" software as a service (SaaS) independent software vendor (ISV). We are a long time Microsoft business partner and have developed our entire solution and infrastructure on Microsoft Azure. In doing so, we joined 90% of Fortune 500 companies that use Microsoft Azure to support their business.

Security Lock.png

At Quantum Whisper we know that our customers rely on us as an important part of their business processes. We take our responsibilities to our customers seriously, and the security and reliability of the software, systems and data that make up the Quantum Whisper application are our top priority. For that reason, we chose the Microsoft Azure Cloud platform to develop and deliver our solutions. For more information on Microsoft and Azure security, visit the Microsoft Trust Center.

Microsoft cloud services are audited at least annually against SOC 1 (SSAE18, ISAE 3402), SOC 2 (AT Section 101), and SOC 3 standards. Note, many service organizations that previously had a SAS 70 service auditor’s examination (“SAS 70 audit”) performed converted to the new standard in 2011 and now have a SSAE 16 report instead - also referred to as a Service Organization Controls (SOC) 1 report. You can see all SOC reports through the Service Trust Platform.

Microsoft Data Centers

  • Designed to detect threats and protect customer data with detection and authentication tools
  • Ensure operations with high availability and disaster recovery
  • Always Encrypted
  • Dynamic Data Masking
  • Threat Detection

Regulatory Compliance

US privacy and data protection laws have centered on securing personally identifiable information (PII) against unauthorized access. In recent years, lawmakers have focused their efforts on safeguarding consumer financial and medical information. The laws and regulations that have evolved try to balance consumer privacy rights against industry’s need to freely communicate data within their organizations and to share data with partners. Note, currently there is no official certification for HIPAA or HITECH Act compliance. However, all the Microsoft services consumed by Quantum Whisper are covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification. 

HIPPA Business Associate Agreement (or BAA)

HIPAA requires that both covered entities and their business associates – defined as any organization that works with PHI – enter into contracts with each other. These contracts ensure that business associates have in place technical and managerial systems to protect PHI. When working with Microsoft Azure, this means entering into a Business Associate Agreement (BAA) with Microsoft. For Microsoft cloud services like Azure, the HIPAA Business Associate Agreement is available via the Online Services Terms. As a Microsoft customer and business partner, the HIPAA BAA is automatically accepted when ISVs (e.g., Quantum Whisper) agree to Microsoft's default online services terms. You can view and download the BAA directly form Microsoft's Licensing Terms and Documentation website.

Azure Security Center helps streamline the process for meeting regulatory compliance requirements, using the regulatory compliance dashboard. Security Center continuously assesses the configuration of your resources to identify security issues and vulnerabilities.

Available Quantum Whisper Compliance Reports

Quantum Whisper uses Microsoft products and services to meet regulatory compliance standards and comply with national, regional, and industry-specific requirements governing the collection and use of data. Below is a snapshot of our regulatory compliance dashboard. The Quantum Whisper score for the respective report is in (parentheses). Copies of reports are available to customers upon request.

Quantum Whisper Secure ScoreQuantum Whisper Compliance Report Status

1. Azure CIS 1.1.0 -  Center for Internet Security (CIS) Microsoft Azure Foundations Benchmark Regulatory Compliance (100%)
2. SOC TSP - Service Organization Controls (SOC) framework, is a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud (100%)
3. HIPAA-HITRUST - The Health Insurance Portability and Accountability Act (HIPAA) is a US healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. The Health Information Trust Alliance (HITRUST) is an organization governed by representatives from the healthcare industry (100%)
 

Responsible Disclosure of Security Vulnerabilities

If you think you have found a security vulnerability with our service, product, or website please, please contact us immediately and report it to us.

Summary

Quantum Whisper adheres to Microsoft reference architectures, compliance guidance and Azure services to meet regulatory compliance standards.

Integrate with confidence.