Security and compliance

Built for governed IT environments

Security posture, compliance frameworks, deployment options, and review documents for healthcare, defense, financial, and enterprise customers.

// Compliance frameworks

  - SOC 2: Type II audit annually
  - HIPAA: Aligned controls
  - HITRUST: Aligned CSF mappings
  - FedRAMP: Moderate alignment
  - ISO 27001: Aligned ISMS
  - GDPR: Compliant data handling

Specific compliance attestations (e.g. SOC 2 Type II report) available under NDA. Contact security@qubyx.com.

// Security posture

Layered controls. No surprises.

Encryption at rest

AES-256 at rest for all data. Encrypted database, encrypted backups, encrypted disk volumes.

Encryption in transit

TLS 1.3 for all network traffic. Certificate pinning where applicable. HSTS enforced.

SSO & RBAC

SAML / OIDC enterprise SSO. Role-based access at every level of the fleet hierarchy.

Audit logging

Every administrative action logged. Tamper-resistant log shipping to your SIEM available.

Deployment options

Cloud (managed), on-premise, private cloud, and fully air-gapped — same product, same controls.

Vulnerability handling

Responsible disclosure program at security@qubyx.com. Penetration tests annually. Patch SLA documented.

Personnel security

Background checks, principle-of-least-privilege access, mandatory security training, and access reviews.

Data lifecycle

Data classification policy, retention controls per tier, deletion on request, export tooling.

Change management

CI/CD with mandatory review, infrastructure as code, immutable infrastructure, rollback tested.

// Deployment matrix

| Model | Hosting | Data location | Network access | Best for |
|---|---|---|---|---|
| QUBYX Cloud | Managed by QUBYX | US / EU / APAC | Internet | Most customers |
| Private cloud | Customer AWS/Azure/GCP | Customer-controlled | VPC / VNet | Strict data-residency |
| On-premise | Customer data center | On-site | Customer LAN | Healthcare, defense |
| Air-gapped | Isolated network | Fully offline | None | Classified, restricted |

// Security review

Getting through enterprise review.

We’ve been through hundreds of vendor reviews. Here’s how to make yours fast.

  1. Send the request to security@qubyx.com

     Include scope (which product, how many users, deployment model) and which artifacts you need.

  2. Receive trust packet within 2 business days

     Includes SOC 2 (NDA), security questionnaire (CAIQ / SIG Lite), architecture diagram, and data flow.

  3. Standard questionnaires handled

     CAIQ, SIG, custom HIPAA / HITRUST / FedRAMP / ISO questionnaires — we have pre-filled responses ready.

  4. NDA & MSA negotiation

     Standard NDA and MSA templates available. Custom legal terms reviewed by our counsel within 5 business days.

  5. Penetration test report on request

     Annual independent pen test summary available under NDA.

Need our security packet?

Email security@qubyx.com with scope and we’ll send the trust packet, NDA, and questionnaire responses within two business days.