Information Security Policy

At Quaerito Qualitas, Inc. (QQI), we are committed to protecting the confidentiality, integrity, and availability of all information assets. As a trusted provider of HR services, safeguarding sensitive client and employee data is essential to our operations and reputation. Our security framework is designed to meet the highest standards of information security, including compliance with ISO 27001, the Philippine Data Privacy Act (DPA), and the General Data Protection Regulation (GDPR) where applicable.

Our Commitment and Controls:

Information Classification & Protection:

All information assets are classified as Public, Internal, or Confidential to determine appropriate handling and protection levels. Confidential data, such as client information and employee records, is encrypted both in transit and at rest using industry-standard encryption protocols (e.g., AES-256).

Access Control & Authentication:

Access to company systems and data is restricted based on the principle of least privilege and is granted only to authorized personnel on a need-to-know basis. We implement multi-factor authentication (MFA) and conduct regular access reviews to ensure that permissions are up-to-date and secure.

Data Privacy & Compliance:

We adhere to applicable data privacy laws and ensure that client and employee personal data is processed lawfully, fairly, and transparently. Data sharing with third parties is restricted and governed by confidentiality agreements and vendor security requirements.

Incident Management:

All security incidents, including data breaches and unauthorized access, are reported immediately and managed under a structured Incident Response Plan. We conduct post-incident reviews to identify root causes and implement corrective actions to prevent recurrence.

Business Continuity & Disaster Recovery:

We have established a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) to ensure the continuity of critical business functions during disruptions. Regular testing and simulations are conducted to validate the effectiveness of these plans.

Employee Training & Awareness:

All employees, contractors, and third parties are required to complete regular information security training. Specialized training is provided for personnel handling sensitive information and managing critical systems.

Internal Audits & Compliance Monitoring:

We conduct regular internal audits to ensure compliance with this policy and ISO 27001 standards. Non-compliance may result in disciplinary action, including termination of employment or contract.

Vendor & Third-Party Security:

Third-party service providers with access to sensitive data are subject to security and compliance reviews. All contracts include clauses requiring adherence to our security standards and data protection requirements.

Ensuring Trust and Security

By implementing these measures, we aim to safeguard company and client data while maintaining operational excellence. We continuously evaluate and improve our security controls to protect against evolving threats and ensure compliance with international standards.

For more information, please send an email to DPO@QQI.PH.