Security by design

Ensuring privacy by design within internal systems and processes is a central tenet of GDPR. Thankfully, every aspect of the Qunote system has been designed with privacy in mind.

User access to functionality and data is permission driven, giving you complete control over what parts of the system and client files your users have access to, and permissions can be easily amended at any point. Should you need to entirely revoke a user’s access to the system, this can be done at the click of a button.

Audit logs for each user’s activity are accessible from the administration area, helping you ensure accountability in the case of an internal data breach.

All data is stored on an enterprise-level server hosted in a state of the art UK data centre protected by the following security controls:

  • Own dedicated compound
  • 24-hour manned security, and manned physical access points
  • Access by approved personnel only
  • Physical access logging and monitoring
  • CCTV and automatic intrusion detection
  • Full back-up power supply
  • Temperature and humidity controls, with continual climate monitoring
  • Automatic fire detection and suppression
  • Strict asset management protocols
  • Automated redundancies in the event of hardware failure
  • Regular maintenance of hardware and mechanical systems
  • Round the clock monitoring of all infrastructure

All data is encrypted at rest, as well as in transit using 2048-bit TLS end-to-end encryption, and the server is protected by in-built network firewalls. The system database is backed-up on a daily basis to a geographically separate secure cluster also located in the UK, with back-ups held on a seven-day rolling basis.

Our server infrastructure provider and server management team are both ISO27001 certified, and have confirmed compliance with the GDPR and UK DPA.

Under the GDPR, it is essential that you are able to easily access, change or delete the data you hold if required.

Qunote’s comprehensive search functions make it incredibly easy to manage the data you hold, allowing you to quickly and simply find notes on a client’s file going back several years. By setting up different client groups, you can archive closed cases while retaining easy access to the data should you require it, such as in the event of a subject access request.

Data stored within Qunote also meets GDPR’s requirement of portability, with user facilities to export data directly from the system and a full database export in “machine-readable” format available upon request.