Data Security at Quorum

Our Approach

The security and privacy of your Quorum account and the data you put in Quorum are incredibly important to us. As such, our company follows best-in-class security practices with regard to both our technical setup and our personnel to ensure that clients’ data is appropriately protected. Quorum has passed extensive security reviews at many of the world’s largest companies and hires a third-party security firm to attempt to hack into its systems twice a year. Our approach to security and privacy is centered around five pillars:

Application Security

Application security ensures that Quorum’s applications—the website, mobile app, and desktop app through which our clients access Quorum—are protected. We encrypt all data in transit and at rest (and maintain an A rating on encryption from Qualys), enforce enterprise-grade login controls including optional two-factor authentication and SSO, and have designed built-in protections against XSS, SQLi, and many other common attack patterns.

Infrastructure Security

Quorum is entirely hosted on Amazon Web Services (AWS), a best-in-class infrastructure-as-a-service provider, and uses a combination of AWS-provided, third-party, and in-house systems to protect the servers, databases, firewalls, backups, and other components that Quorum is built on.

Endpoint Security

To protect the laptops and computers used by employees, we contract with CrowdStrike, an endpoint security firm that is used by many government organizations and Fortune 100 companies and is well known for investigating the DCCC hacking that occurred during the 2016 Presidential campaign. CrowdStrike’s endpoint security system identifies and blocks issues before they occur and serves as a powerful monitoring and anti-virus system. Our hardened server endpoints are protected by both CrowdStrike and a variety of other intrusion detection and prevention systems.

Personnel Training and Policies

Even the best security systems cannot be successful if the individuals involved are not well-equipped to follow standard practices. Every Quorum employee undergoes a background check prior to the start of employment, signs a non-disclosure agreement (NDA) as part of the employment agreement, passes mandatory data security training on their first day, and adheres to strict internal access limitations with regard to client data.


These standards and practices are only the tip of the iceberg. If you’d like to learn more about how Quorum’s security systems can help protect your data, please don’t hesitate to reach out.