Skip to content

Security

Questback is a European-based company. We take IT security and data security extremely seriously and are 100 % GDPR-compliant.

Data Storage Location – Questback uses ISO-certified high-performance data centers 100% hosted in Germany.

Penetration Testing – To achieve the highest level of security, Questback uses independent cyber security companies for regular penetration testing. The most recent test gave very good results.

Data Access – Questback tenant is protected by a best practice setup in terms of security, performance and redundancy that has been developed over years. Back-end services and databases are only accessible from inside the tenant and can not be reached from outside without using VPN access. All resources on the Questback tenant accessible from outside is encrypted with SSL. Direct access is performed by personal VPN access secured by two factor authentication (2FA).

Audit Logs – Further, Questback provides audit logs for administrator activities and when users access data.

Authentication – Every request – internal or external – is authenticated and validated for authorisation. All data requests come from authenticated and approved users, with forms-based and SAML 2.0 authentication.

Secure Login – Questback users are protected by using Single-Sign-on (SSO) and multi-factor authentication (MFA).

PII and Data Encryption – Volume encryption is activated on all volumes inside the Questback tenant for encryption at rest. The encryption keys are stored in a Hardware Security Module (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Level 3 security certification. The master key stored in the HSM is of the AES256 standard. In addition to the volume encryption, Questback databases are encrypted with TDE using another AES256 master key. TDE encrypts database storage files on the hard drive.

All incoming customer requests to the Questback tenant utilize SSL (encryption in transit)

Product Security – Security is incorporated into every phase of the software development life cycle. Security is baked into the code from inception rather than addressed after testing reveals critical product flaws. Security is part of the planning phase, incorporated even before code is written. We test code early and often. We employ static and dynamic testing throughout the development process. We consider software security requirements alongside the functional requirements. We conduct risk analysis during design so we can identify potential environmental threats.

Business Continuity – Questback Essentials application is configured to provide nearly full-time availability and it has redundant hardware and software that make it available despite failures.  Multiple components can perform the same task and are distributed over 2 or 3 data centers. The problem of a single point of failure is eliminated as redundant components can take over a task performed by a component that has failed. As part of our preparation to possible disaster situation we test full restore procedure to insure that we are aligned to our expectations.

System redundancy and back-ups – Storage was designed to be highly durable. Multiple copies of the data are stored across servers in the different data centres. Additionally, data integrity is actively monitored using checksums. Corrupt data is auto detected and auto healed from redundant copies. Any loss of data redundancy is actively managed by recreating a copy of the data.
Besides high availability, we are running policy-based backups to perform automatic, scheduled backups and retain them based on a backup policy. Those backups can be restored across data centers.

IT and Data Security Training – Questback regularly trains it staff on IT and Data Security – just right now we have one IT security training including security threats simulations from independent external parties ongoing.

For more details look at our Trust Center https://www.questback.com/trust-center/

Contact

Questback Global Questback Finland Questback Benelux Questback Norway Questback Sweden Questback Germany Questback Spain Questback France Questback Italy Questback South Africa Questback United Kingdom

Global

Support sales@questback.com
Bogstadveien 54, 0366 Oslo
Questback AS

Finland

Support sales.fi@questback.com
Keilaniementie 1, 02150 Espoo
Questback OY

Benelux

Support sales.nl@questback.com
Millennium Tower, Radarweg 29, 1043NX Amsterdam
Support:  +47 21 02 70 70
Sales:  +31 61 66 97 463
Questback Nederland B.V.

Norway

Support sales.no@questback.com
Bogstadveien 54, 0366 Oslo
Support:  +47 21 02 70 80
Sales:  +47 21 02 70 70
Questback AS

Sweden

Support sales.se@questback.com
Sveavägen 59, 113 59 Stockholm
Support:  +468 440 88 21
Sales:  +468 440 88 00
Questback Sweden AB

Germany

Support sales.de@questback.com
Kurfürstendamm 30, 10719 Berlin
Questback Deutschland GMBH

Spain

ssarrate@questback.es
C/ O´Donnell18, 3ª Pta, 28009 Madrid
Tech Feedback Solutions sl (authorized partner)

France

contact@valmaison.fr
2 chemin de l’Acre St Pierre, 27120 Chaignes
Valmaison Sarl (authorized partner)

Italy

gianluca.poscente@questback.it
Via Delle Gondole, 13, 00121 Rome
Gianluca Poscente (authorized partner)

South Africa

info@questback.co.za
16 General Hendrik Schoeman Str, Cape Town
QB insights cc (authorized partner)

United Kingdom

sales.uk@questback.com
Questback UK Ltd

Trusted by Clients Worldwide