Quantium System & Data Security FAQ

Detailed answers to common queries

Quantium is SOC-2 Type II Certified

Quantium is a mission-critical custodian of our clients’ most sensitive, confidential data. Proudly built on the Microsoft Azure platform and SOC 2 Type II rated, we adhere to the industry gold standard for encryption, data storage, and authentication to ensure end-to-end data safety.

Still have questions about our data security and compliance protocol? E-mail us at support@quantium.pe and we will get back to you as soon as possible.


01. Access control

We prevent unauthorized access to the system both internally and externally, with multi-factor authentication, fully configurable user privileges and access rights, and enterprise-level password rules.


02. Network security

Our state-of-the-art technology prevents cybersecurity attacks from external parties seeking entry into Quantium’s network. Measures include access control for each service tier (separation of app and DB layers), encrypted HTTPS communication and regular OWASP Top 10 Vulnerabilities scanning and tests.


03. Application security

Quantium is equipped with transaction-level and file management audit trails, the maker-checker feature and the risk monitor function. These protect against application layer risks including internal control, transaction tracking and data entry error risks.


04. Data protection

Our database is hosted securely on Microsoft Azure and is SOC 2 Type II compliant. Quantium prevents unauthorized data modification, data loss and data transfer with measures such as regular automated backups of SQL and MongoDB databases, and storage clustering for high availability.


05. Monitoring & response

Quantium’s cybersecurity framework monitors and manages security threats around the clock, including an always-on activity log and an audit trail that tracks database events and anomalous database activities. Our systems undergo security and compliance monitoring by Vanta, a leading security compliance service provider.

Deployment & cybersecurity FAQ

Where is the Services Data hosted?

Client Services data for cloud customers is hosted on Microsoft Azure data centers in Singapore and the Netherlands with reliable power sources and backup systems that offer 99.9% SLAs and redundancy.

Azure’s infrastructure is certified for many standards, including SOC 2, PCI DSS Level 1 and FedRAMP. Each cloud client has a dedicated database with no mixing or blending of Services data with that of other customers.

How is data recovered in the case of data loss in the production system?

For cloud customers, Quantium automatically creates a backup of the database on a daily basis for the past ninety (90) days. For data older than ninety (90) days, backup is done on a weekly basis throughout the service period.

For on-premise customers, Quantium consults with the client’s IT team to implement regular data backups.

What load balancing measures are in place?

Azure App Service provides load balancing capabilities to distribute traffic across multiple instances of an application. This enables traffic to be automatically distributed across these instances and ensures that application traffic is handled seamlessly. 

Can different users have different privileges to access different data?

Yes, Quantium allows for flexible scope / visibility settings whereby the system administrator on the client side can customize the access rights of each user to particular sets of entities (e.g. assets, funds) depending on each client’s requirements.

The client administrator can also configure each user’s access to different menus (e.g. fund summary, portfolio analytics) to be full access, read-only or no access. 

Does the system support SSO? If yes, what SSO protocols or providers are supported?

Quantium currently offers two types of sign-in methods:

1. Quantium ID credentials: Accessed using a username and password which are managed by Quantium authentication services and implemented through identityService4. This authentication method is fully compliant with OAuth 2.0 standards.

2. Microsoft SSO: Seamless integration available for organizations using Microsoft Azure Active Directory. This method can be enabled by the client’s administrator.

What happens to our data if the partnership ends?

 
For clients choosing to host on Quantium’s cloud services, for sixty (60) days after the effective date of termination or expiration of the Service Agreement, Quantium will make Service Data available to the client for export or download upon the client’s request.
 
Thereafter, Quantium will have no obligation to maintain or provide any Service Data, and Quantium will, unless prohibited by law or legal order, delete client Service Data from our systems.

What are the governance processes? (e.g. authentication, authorization, audit)

Access Control and Privilege Management: We restrict administrative access to production systems to only Approved Personnel.

Approved Personnel for System Implementation: During the system implementation and data migration process, specific project members from the Quantium Client Solutions Team shall have access to data provided by customers for data migration and reconciliation purposes, and constitute Approved Personnel. Upon client confirmation that the data migration process is complete, client raw data shall be deleted within thirty (30) days after the system Go-Live date.

Approved Personnel for Production System: After system go-live, access to Service Data by Approved Personnel requires authorization from the customer and requires customer IT to grant access to the customer intranet. Such access may be used strictly for the purpose of responding directly to customer service requests and providing troubleshooting and service support.

Audit: Quantium employees have unique accounts on infrastructure and cloud tools. These IDs are used to authenticate and identify each person’s activities on Quantium systems, including all access to Service Data.

Data ownership: The client retains ownership rights to all Service Data processed by Quantium systems.

No Sale of Service Data: Quantium will never sell, rent, or lease client Service Data to any third party.

What have you done to prevent security breaches?

Quantium strives towards security best practices and also completes yearly SOC 2 auditing. This is in line with our proactive approach to security risk management. The following are risk examples and Quantium’s risk mitigation approach for each: 

Exploitation attacks: These breaches are caused by vulnerabilities in outdated systems. Quantium addresses this through continuous code and version upgrades, while Microsoft Azure provides hosting on up-to-date hardware.

Human error: There are multiple threats of breach that can arise from human error, such as the use of weak passwords, failure to apply security best practices, and lack of awareness about phishing and spoofing attacks. Quantium implements an ongoing policy requiring all employees to complete periodic security awareness training.

Other system-related vulnerabilities: Quantium completes periodic penetration tests, including tests for the OWASP Top 10 vulnerabilities and database vulnerabilities, to proactively ensure that our system security is up to standard.

Additional measures to note:

Our systems undergo security and compliance monitoring by Vanta, a leading security compliance service provider.

As part of our HR policy, we conduct periodic ongoing training for all Engineering and Client Solutions staff on the latest data security policies and guidelines.

As part of our client servicing initiatives, we conduct periodic training and information updates for our clients’ administrators and users on security-related topics.

Have you had any breaches or security issues in the past?

No.

Do any third parties have access to Service data?

No.

What is your database backup frequency?

Quantium uses the Azure SQL managed database instance, which is a database-as-a-service offering under the PaaS model on the Azure cloud.
 
Azure database backup is done automatically to support “Point-in-time” restoration.

What are your current available hosting region options?

Currently Quantium offers 3 hosting regions: 

  1. European Union, United Kingdom, Norway and Switzerland (hosted in the Netherlands)
  2. Southeast Asia (hosted in Singapore)
  3. Mainland China

Are you GDPR compliant?

Quantium complies with GDPR regulations on storing and processing our clients’ data, with many measures in place to ensure we’re fulfilling our obligations. You can read more about our policies on data protection and processing in more detail throughout the rest of this webpage. To read our GDPR statement, click here.
