Professional security as standard

All Quadris staff are Cyber Essentials certified, demonstrating our commitment to implementing fundamental cybersecurity practices and mitigating common cyber threats.

Every Quadris employee is vetted to BS 7858:2019 standards, which details best practices and guidelines for the security screening of individuals employed within a security environment.

Selected Quadris employees are cleared, where required, up to the UK National Police NPPV Level 3 standard, the highest level of clearance available, covering access to Police facilities and unsupervised access to confidential material and data.

Selected Quadris employees have been cleared to UK Government Security Check (SC) clearance, providing them with uncontrolled access to Secret assets and supervised access to Top Secret assets.

Access to Quadris Cloud management and maintenance systems follows a Zero Trust guiding principal, providing access to users and teams on a granular privilege basis, based on their needs. This ensures teams only have access to the data they require, often on a read-only basis.

All Quadris staff are trained on our internal Information Security Management System (ISMS), which form part of our overall ISO/IEC 27001 accreditation. In addition to onboarding of new staff, all staff must also complete repeat awareness training throughout each year.

The Quadris Cloud data centres are independently assessed to SOC 1 Type II and SOC 2 Type II security levels, providing assurance about the controls and processes implemented specifically around the handling and security of financial data held within the platform.

Quadris treats the security of our customers and our own electronic assets with the upmost importance. We are certified to ISO27001:2013, a specification for an information security management system that is audited externally by ISOQAR.​

Quadris Cloud operates out of two UK-based data centres located (for resilience) in Manchester and London. Both sites are ISO Business Continuity Management Systems compliant (ISO 22301).

Our internal Network Operations Centre (NOC) monitors all Quadris Cloud operations 24/7 to ensure the service is safe, secure and running as expected. The NOC team employ enhanced security monitoring tools across the business to detect and respond to security incidents promptly. This includes monitoring network traffic, system logs, and implementing intrusion detection and prevention systems (IDPS) across the Quadris Cloud platform.

Incidents detected by the NOC are immediately reported to internal Security Operations Centre (SOC), who are tasking with resolving and reporting incidents.

Quadris (organisation code is 8KK76) meet the stringent NHS criteria for information security and governance and are committed to completing the Department of Health’s Data Security and Protection (DSP) Toolkit on an annual basis​.

Registration and general access to the Quadris Cloud platform requires every user to sign-in using 2FA as standard. The platform supports mobile authentication via either Google Authenticator or Microsoft Authenticator.

All Quadris Cloud passwords are set to complex 16 character + string including symbols, numbers, lower-case, uppercase and excluding similar characters. 

LAPS is used to manage all local administrator passwords for domain joined computers. Passwords are stored in Active Directory and protected by an ACL so only eligible users can read or request a reset.  

Quadris Cloud has industry-leading Web Application Firewall (WAF) from Imperva built directly into the platform, monitoring and filtering all web-based traffic.

All Quadris Cloud accounts allocate UK-based IP addresses, allowing your internal systems to be geofenced if required, adding an additional layer of protection and security.

SSL encryption ensures that the data transmitted between your web browser and Quadris Cloud remains private and secure. It prevents unauthorized parties from intercepting and accessing sensitive information such as your login credentials, credit card details, or any personal data we may hold.