CIS Software Public Security and Privacy Policy
Effective Date: October 23, 2024
Introduction
At TQMS Inc. - CIS Software, the security and privacy of our clients’ data are of utmost importance. We are committed to protecting the integrity, confidentiality, and availability of all data processed and stored in our systems. This policy outlines the measures we have implemented to ensure that all data remains secure and that our clients’ privacy is maintained at all times.
1. Scope and Purpose
This policy applies to all data processed and stored within CIS Software, including data collected from our clients, their users, and other stakeholders. It covers the protection of all personally identifiable information (PII), sensitive information, and operational data handled by our software.
2. Information We Collect
CIS Software collects and processes data necessary to provide, operate, and enhance our services. This includes:
Client Information: Name, email address, phone number, and other contact details for account management and support purposes.
System Data: Information related to nonconformity reports, corrective actions, audit data, personnel training and quality management activities.
Usage Data: Technical data such as IP addresses, browser type, and interaction logs to improve the software experience and ensure its security.
We do not collect or store payment details directly. All payment processing is by purchase order, and payments are made by check, PayPal, or bank wire transfer.
3. Security Measures
CIS Software employs industry-leading security measures to protect data from unauthorized access, breaches, or loss. Key measures include:
Data Encryption
All data stored within CIS Software is encrypted at rest using industry-standard encryption algorithms. Sensitive data transmitted between our clients and our servers is protected using HTTPS with TLS 1.2 or higher.
Access Controls
Access to CIS Software is protected using multi-factor authentication (MFA) for all programmers and management users. Role-based access controls (RBAC) ensure that only authorized personnel can access sensitive information or perform critical actions within the software.
Regular Audits
We conduct regular internal and external audits to evaluate and enhance our security controls. This includes engaging third-party security firms to conduct penetration tests and red team evaluations, as outlined in our Black-Box Red Team Engagement Procedure.
Network Security
Our systems are hosted on dedicated servers with network security controls in place, including firewalls and intrusion detection systems. VPN access is required for administrative functions, and server access is limited to specific, trusted IP addresses.
Data Backup and Recovery
We perform regular backups of all critical data, which are stored in secure offsite locations. Our disaster recovery plans are tested annually to ensure data can be restored promptly in the event of a failure or breach.
4. Privacy Practices
Data Collection and Use
CIS Software collects only the information necessary to provide and improve our services. We do not sell or share client data with third parties for marketing purposes. Data may be shared with trusted partners solely to facilitate essential services, such as hosting and payment processing.
User Consent
We obtain explicit consent from our clients before collecting or processing their data. Clients retain full ownership of their data, and they can request access, modification, or deletion of their information at any time.
Compliance with Regulations
Our server at Liquid Web complies with applicable regulations, including GDPR, SOC 2, and ISO/IEC 27001 standards.
5. Incident Response
In the event of a security incident or data breach, CIS Software follows a strict incident response plan. This plan includes:
Immediate containment of the breach to prevent further damage.
Notification of affected clients within 72 hours of the incident, as required by relevant regulations.
A comprehensive investigation to identify the root cause and implement corrective measures.
6. Client Responsibilities
While we strive to provide a secure environment, the security of our clients’ data also depends on their actions. We recommend the following best practices:
Use strong and unique passwords for all accounts.
Enable the geolocation sign-in system in CIS Software.
Enable multi-factor authentication (MFA) for additional account protection.
Regularly review access permissions and revoke access for users who no longer need it.
7. Changes to This Policy
We may update this policy from time to time to reflect changes in our services or regulatory requirements. Clients will be notified of any significant changes via email and a notice on our website.
8. Contact Us
If you have any questions or concerns about this policy, please contact us at:
Peter Sanderson
President, TQMS Inc.
Email: peter@tqms.com