The provided system includes security mechanisms in all its layers. From a communication standpoint, communication via mobile devices, specifically mobile phones, offers a degree of security equivalent to the channel available from a laptop or desktop computer. The system is accessible in two ways via mobile phones:
In both cases, the same security principles apply as for access from any other device, and access is governed by the client's security and system access policies.
In terms of logical data storage, the repository consists of Microsoft SQL Server database files, which should have the Transparent Data Encryption (TDE) feature enabled. The processes for handling this file repository must be ensured by the client's internal procedures, since the solution is implemented On-Premises.
The choice of an On-Premises solution aims to guarantee the client full autonomy in implementing its security policies and managing the solution's life cycle. In this way, the definition and storage of encryption keys, as well as the data encryption process, do not depend on suppliers external to the client. Likewise, the BYOK (Bring Your Own Key) capability is natively ensured by the system's segregation within the client's environments. The system guarantees end-to-end encryption of information on the platform (encryption at rest and encryption in transit), with encrypted communications between application servers and database servers that have encryption enabled.
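The following T-SQL is an added example, not Quidgest or Genio code, showing how the client's own DBA would enable TDE on the application database and then verify both encryption at rest and encryption in transit from the server side. The database name GenioApp, the certificate name TDE_GenioApp_Cert, the backup paths and the passwords are placeholders; the DMV columns used (sys.dm_database_encryption_keys, sys.dm_exec_connections.encrypt_option) are standard SQL Server.

```sql
-- Added example (not Quidgest/Genio code). Placeholders: database [GenioApp],
-- certificate [TDE_GenioApp_Cert], file paths and passwords. Run as sysadmin
-- on the client's own SQL Server instance.

USE master;
GO

-- 1. Database master key in master; it protects the TDE certificate's private key.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO

-- 2. Certificate that will protect the database encryption key (DEK).
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'TDE_GenioApp_Cert')
    CREATE CERTIFICATE TDE_GenioApp_Cert WITH SUBJECT = 'TDE certificate for GenioApp';
GO

-- 3. Back up the certificate and its private key immediately: without them,
--    encrypted data files and backups cannot be restored on another instance.
--    The client keeps these files under its own key-management procedures (BYOK).
BACKUP CERTIFICATE TDE_GenioApp_Cert
    TO FILE = 'D:\keys\TDE_GenioApp_Cert.cer'            -- placeholder path
    WITH PRIVATE KEY (
        FILE = 'D:\keys\TDE_GenioApp_Cert.pvk',           -- placeholder path
        ENCRYPTION BY PASSWORD = '<private-key-password-placeholder>');
GO

-- 4. Create the DEK inside the application database and switch encryption on.
USE GenioApp;
GO
IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID())
    CREATE DATABASE ENCRYPTION KEY
        WITH ALGORITHM = AES_256
        ENCRYPTION BY SERVER CERTIFICATE TDE_GenioApp_Cert;
GO
ALTER DATABASE GenioApp SET ENCRYPTION ON;
GO

-- 5. Check encryption at rest. encryption_state: 3 = encrypted, 2 = encryption
--    in progress, 1 = unencrypted, NULL = no DEK at all. tempdb is encrypted
--    automatically once any user database on the instance is.
SELECT d.name,
       k.encryption_state,
       k.key_algorithm,
       k.key_length,
       k.percent_complete
FROM sys.databases d
LEFT JOIN sys.dm_database_encryption_keys k ON k.database_id = d.database_id
WHERE d.name IN ('GenioApp', 'tempdb');

-- 6. Check encryption in transit. Every session from the application servers
--    should report encrypt_option = 'TRUE'. Server-side enforcement is the
--    "Force Encryption" setting in SQL Server Configuration Manager; client-side,
--    Encrypt=True in the connection string. Rows returned here are the
--    unencrypted connections that need to be explained or fixed.
SELECT c.session_id, s.login_name, s.host_name, c.net_transport, c.encrypt_option
FROM sys.dm_exec_connections c
JOIN sys.dm_exec_sessions s ON s.session_id = c.session_id
WHERE c.encrypt_option <> 'TRUE';
```

Steps 5 and 6 are the ones worth scheduling as a recurring check: TDE protects the files and backups only while the DEK is present and the certificate is recoverable, and the in-transit guarantee holds only if no connection falls back to plaintext.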
Operational benchmarking mechanisms, penetration testing, and incident response plans are essential in a Cloud model but are equally relevant in an On-Premises model, although in that context they should be seen as a shared responsibility. Quidgest solutions are developed according to industry best practices and applicable international standards. Performance monitoring is continuous and takes place at several levels that contribute to its optimization (application, integration, communication, database, servers). In this way, the evolutionary maintenance of the solution ensures a continuous review of performance, vulnerabilities, and incident response plans, to guarantee a fault-tolerant solution regardless of its implementation context.
Through the web service associated with the system administration solution (WebAdmin), monitoring and management capabilities are provided in an integrated way within the solution. Because these are exposed via API, they can be integrated with the client's own monitoring tools.
The proposal for an On-Premises solution gives the client full control over physical separation controls, robust access controls, monitoring, and traceability of users who have accessed the system's physical perimeter, following best practices (e.g., SOC 2, SOC 3, ISO 27001/ISO 27002). It also allows data to be isolated for forensic examination for criminal prosecution purposes.
The system provided by Quidgest ensures the existence of, and allows consultation of, an audit trail of all interactions in the system, including master data, tracking both users and processes.
Logs of all operations are kept in LogXXXAll files, where XXX is the identifier of each module. Periodically and automatically, QuidServer moves these logs to a dedicated audit database.
Most interfaces display which user created and which user last modified the information shown, and when they did so.
Additionally, balancing application performance against audit detail for more critical information, it is possible to define which tables should keep a history of all changes made. This functionality is declared at the Genio model level, and the client can define the configuration they want to implement.
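As an added illustration of what a per-table change history gives an auditor, the block below uses SQL Server system-versioned temporal tables as a stand-in technique; it is not Genio's own history mechanism (which the page says is declared at the model level) and not Quidgest code. The table dbo.Contract, its columns and the sample rows are constructed placeholders; the created-by / modified-by columns mirror the information the interfaces display.

```sql
-- Added example (not Quidgest/Genio code). SQL Server temporal tables are used
-- here as a stand-in for Genio's model-level history declaration.
-- Table, column and sample values are constructed placeholders.

CREATE TABLE dbo.Contract (
    ContractId   INT           NOT NULL PRIMARY KEY,
    Title        NVARCHAR(200) NOT NULL,
    Amount       DECIMAL(18,2) NOT NULL,
    -- "who created / who last modified, and when", as shown on the interfaces
    CreatedBy    SYSNAME       NOT NULL CONSTRAINT DF_Contract_CreatedBy  DEFAULT SUSER_SNAME(),
    CreatedAt    DATETIME2(3)  NOT NULL CONSTRAINT DF_Contract_CreatedAt  DEFAULT SYSUTCDATETIME(),
    ModifiedBy   SYSNAME       NOT NULL CONSTRAINT DF_Contract_ModifiedBy DEFAULT SUSER_SNAME(),
    -- period columns maintained by the engine: one row version per change
    ValidFrom    DATETIME2(3)  GENERATED ALWAYS AS ROW START NOT NULL,
    ValidTo      DATETIME2(3)  GENERATED ALWAYS AS ROW END   NOT NULL,
    PERIOD FOR SYSTEM_TIME (ValidFrom, ValidTo)
)
WITH (SYSTEM_VERSIONING = ON (HISTORY_TABLE = dbo.ContractHistory));
GO

-- Constructed sample activity: one insert followed by two updates. In the
-- real application ModifiedBy would carry the application user, not the login.
INSERT INTO dbo.Contract (ContractId, Title, Amount)
VALUES (1, N'Maintenance 2024', 10000.00);

UPDATE dbo.Contract
SET Amount = 12500.00, ModifiedBy = SUSER_SNAME()
WHERE ContractId = 1;

UPDATE dbo.Contract
SET Title = N'Maintenance 2024 (revised)', ModifiedBy = SUSER_SNAME()
WHERE ContractId = 1;
GO

-- Audit query: every version of the record, oldest first. The current version
-- comes from dbo.Contract, the two superseded versions from dbo.ContractHistory.
-- Expected: three rows, Amount 10000.00 -> 12500.00 -> 12500.00, the last with
-- the revised Title and ValidTo = 9999-12-31 (still current).
SELECT ContractId, Title, Amount, ModifiedBy, ValidFrom, ValidTo
FROM dbo.Contract FOR SYSTEM_TIME ALL
WHERE ContractId = 1
ORDER BY ValidFrom;

-- Point-in-time reconstruction: the record as it was at a given UTC instant.
-- Returns no row if the record did not yet exist at that moment.
DECLARE @when DATETIME2(3) = SYSUTCDATETIME();
SELECT ContractId, Title, Amount, ModifiedBy
FROM dbo.Contract FOR SYSTEM_TIME AS OF @when
WHERE ContractId = 1;
```

The trade-off the passage describes is visible here: every UPDATE writes a full row copy into the history table, so enabling history on high-churn tables costs storage and write throughput, which is why the choice is left per table.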
It should also be noted that audit processes exist at the authentication level when authentication is handled by our security interface, in order to record when access to the system modules was granted, as well as log-off events and the corresponding access attempts. This information is permanently stored in the database and can be audited at any time with the client's pre-existing tools.
In every tool developed by QUIDGEST, the Genio software is used, which standardizes and brings together all the development patterns, know-how, and technologies necessary for the proper development of applications.
Thus, central adjustments can be made to respond to any requirement that may arise, and the change is reflected in all subsequent client versions put into production.
This practice ensures that, from the outset, all applications include updated security mechanisms.
All patterns developed and applied in the Genio tool are tested before being released in the final version for application in business areas and, in turn, at each client. These tests cover functionality, compilation, load, and intrusion (with the SonarQube tool), among others. SonarQube evaluates code against OWASP and SANS rule sets, among others.
We remind you that QUIDGEST is ISO 27001 certified in the scope of design, development, and automatic generation of information systems, and the related consulting, training, research, technical assistance, and evolutionary maintenance activities.