Security & Compliance

Built for IT-governed environments.

Security posture, compliance frameworks, deployment options, and review materials for healthcare, defense, financial, and enterprise customers.

// Compliance frameworks
- SOC 2: Type II audit annually
- HIPAA: Aligned controls
- HITRUST: Aligned CSF mappings
- FedRAMP: Moderate alignment
- ISO 27001: Aligned ISMS
- GDPR: Compliant data handling

Specific compliance attestations (e.g. SOC 2 Type II report) available under NDA. Contact security@qubyx.com.

// Security posture

Layered controls. No surprises.

Encryption at rest

AES-256 at rest for all data. Encrypted database, encrypted backups, encrypted disk volumes.

Encryption in transit

TLS 1.3 for all network traffic. Certificate pinning where applicable. HSTS enforced.

SSO & RBAC

SAML / OIDC enterprise SSO. Role-based access at every level of the fleet hierarchy.

Audit logging

Every administrative action logged. Tamper-resistant log shipping to your SIEM available.

Deployment options

Cloud (managed), on-premise, private cloud, and fully air-gapped — same product, same controls.

Vulnerability handling

Responsible disclosure program at security@qubyx.com. Penetration tests annually. Patch SLA documented.

Personnel security

Background checks, principle-of-least-privilege access, mandatory security training, and access reviews.

Data lifecycle

Data classification policy, retention controls per tier, deletion on request, export tooling.

Change management

CI/CD with mandatory review, infrastructure as code, immutable infrastructure, rollback tested.

// Deployment matrix

| Model | Hosting | Data location | Network access | Best for |
|---|---|---|---|---|
| QUBYX Cloud | Managed by QUBYX | US / EU / APAC | Internet | Most customers |
| Private cloud | Customer AWS/Azure/GCP | Customer-controlled | VPC / VNet | Strict data-residency |
| On-premise | Customer data center | On-site | Customer LAN | Healthcare, defense |
| Air-gapped | Isolated network | Fully offline | None | Classified, restricted |

// Security review

Getting through enterprise review.

We’ve been through hundreds of vendor reviews. Here’s how to make yours fast.

  1. Send the request to security@qubyx.com

    Include scope (which product, how many users, deployment model) and which artifacts you need.

  2. Receive trust packet within 2 business days

    Includes SOC 2 (NDA), security questionnaire (CAIQ / SIG Lite), architecture diagram, and data flow.

  3. Standard questionnaires handled

    CAIQ, SIG, custom HIPAA / HITRUST / FedRAMP / ISO questionnaires — we have pre-filled responses ready.

  4. NDA & MSA negotiation

    Standard NDA and MSA templates available. Custom legal terms reviewed by our counsel within 5 business days.

  5. Penetration test report on request

    Annual independent pen test summary available under NDA.

Need our security packet?

Email security@qubyx.com with scope and we’ll send the trust packet, NDA, and questionnaire responses within two business days.