Professional security as standard

As a Quadris Cloud customer, you can take advantage of process, technology and network architecture that has been purposefully constructed to meet the stringent requirements of the most security-sensitive organisations. Most of our customers are from industries where data access and storage are highly regulated, such as legal, accounting and healthcare, meaning that security is of the highest importance to both them and us.
The security measures implemented across Quadris Cloud are designed to be as stringent (often more so) as those implemented across your own on-premises data centres, but without the costs of facility and hardware maintenance.
Quadris Cloud offers:
People

Cyber Essentials Plus certified
All Quadris staff are Cyber Essentials certified, demonstrating our commitment to implementing fundamental cybersecurity practices and mitigating common cyber threats.

BSI standard recruiting
Every Quadris employee is vetted to BS 7858:2019 standards, which details best practices and guidelines for the security screening of individuals employed within a security environment.

Selected NPPV level 3 clearance
Selected Quadris employees are cleared, where required, up to the UK National Police NPPV Level 3 standard, the highest level of clearance available, covering access to Police facilities and unsupervised access to confidential material and data.

Limited remote access to critical systems
Access to core Quadris Cloud management and maintenance systems is limited to approved members of the Quadris team, with access only available via a secure Citrix connection.

Select Government clearance
Selected Quadris employees have been cleared to UK Government Security Check (SC) clearance, providing them with uncontrolled access to Secret assets and supervised access to Top Secret assets.

Granular privilege as standard
Access to Quadris Cloud management and maintenance systems follows a Zero Trust guiding principal, providing access to users and teams on a granular privilege basis, based on their needs. This ensures teams only have access to the data they require, often on a read-only basis.

ISO 27001 ISMS trained staff
All Quadris staff are trained on our internal Information Security Management System (ISMS), which form part of our overall ISO/IEC 27001 accreditation. In addition to onboarding of new staff, all staff must also complete repeat awareness training throughout each year.
Process

SOC 1 and SOC 2 assessed
The Quadris Cloud data centres are independently assessed to SOC 1 Type II and SOC 2 Type II security levels, providing assurance about the controls and processes implemented specifically around the handling and security of financial data held within the platform.

ISO/IEC 27001 certified
Quadris treats the security of our customers and our own electronic assets with the upmost importance. We are certified to ISO27001:2013, a specification for an information security management system that is audited externally by ISOQAR.

ISO 22301 approved data centres
Quadris Cloud operates out of two UK-based data centres located (for resilience) in Manchester and London. Both sites are ISO Business Continuity Management Systems compliant (ISO 22301).

Secure hardware disposal
All physical server hardware and components are securely erased by dedicated, trained staff before being securely disposed of to UK Waste Electrical and Electronic Equipment (WEEE) recycling regulations.

Incident monitoring and alerting
Our internal Network Operations Centre (NOC) monitors all Quadris Cloud operations 24/7 to ensure the service is safe, secure and running as expected. The NOC team employ enhanced security monitoring tools across the business to detect and respond to security incidents promptly. This includes monitoring network traffic, system logs, and implementing intrusion detection and prevention systems (IDPS) across the Quadris Cloud platform.

Incident resolution and reporting
Incidents detected by the NOC are immediately reported to internal Security Operations Centre (SOC), who are tasking with resolving and reporting incidents.

NHS DSP Toolkit Compliance
Quadris (organisation code is 8KK76) meet the stringent NHS criteria for information security and governance and are committed to completing the Department of Health’s Data Security and Protection (DSP) Toolkit on an annual basis.

ITIL aligned IT management
Quadris are committed to aligning their IT processes to the Information Technology Infrastructure Library (ITIL) standard, specifically around the ITIL Security Management structure.
Technology

2FA as standard for all users
Registration and general access to the Quadris Cloud platform requires every user to sign-in using 2FA as standard. The platform supports mobile authentication via either Google Authenticator or Microsoft Authenticator.

Complex passwords by default
All Quadris Cloud passwords are set to complex 16 character + string including symbols, numbers, lower-case, uppercase and excluding similar characters.

ACL-protected Active Directory
LAPS is used to manage all local administrator passwords for domain joined computers. Passwords are stored in Active Directory and protected by an ACL so only eligible users can read or request a reset.

Windows hardening
By default, the following services are disabled for all Windows services as they present various potential security threats: SMBv1, NetBIOS, LMHash, null enumeration and cached credentials.

Integrated Imperva Firewall
Quadris Cloud has industry-leading Web Application Firewall (WAF) from Imperva built directly into the platform, monitoring and filtering all web-based traffic.

UK-based IP addresses
All Quadris Cloud accounts allocate UK-based IP addresses, allowing your internal systems to be geofenced if required, adding an additional layer of protection and security.

SSL encryption as standard
SSL encryption ensures that the data transmitted between your web browser and Quadris Cloud remains private and secure. It prevents unauthorized parties from intercepting and accessing sensitive information such as your login credentials, credit card details, or any personal data we may hold.

3rd physical location for monitoring
Quadris Cloud is monitored 24/7 via a third data centre location, building in an extra layer of security and resilience.