A Platform that Stands up to Audits
A Platform that Stands up to Audits
WheelQ enables secure and efficient management of customer data.
WheelQ enables secure and efficient management of customer data.
Security and privacy at the core
Security and privacy at the core
Information security and data protection are integrated into the WheelQ platform architecture as controls and processes, rather than just fulfilling requirements. WheelQ is built to comply with the strictest European standards, first and foremost the EU General Data.
Protection Regulation (GDPR). The continuous reliability of the service and the effectiveness of security controls are ensured by regular auditing and strict process management.
Information security and data protection are integrated into the WheelQ platform architecture as controls and processes, rather than just fulfilling requirements. WheelQ is built to comply with the strictest European standards, first and foremost the EU General Data.
Protection Regulation (GDPR). The continuous reliability of the service and the effectiveness of security controls are ensured by regular auditing and strict process management.
Solutions
Solutions
Architecture and data segregation
All customer and respondent data is stored encrypted and physically within the EU (AWS, Ireland). We process data in a multi-tenant environment, which guarantees the logical segregation and appropriate protection of customer data.
Standards and certifications
The system’s Quality and Information Security Management System (ISMS) complies with the requirements of the ISO/IEC 27001 standard. This standard-based framework covers risk management, technical controls, and processes.
Data management and purpose of use
We apply anonymization or pseudonymization to data whenever possible and appropriate. Data processing is simultaneously restricted to contractually defined purposes.
Continuous validation (auditing)
Our system is regularly audited by independent experts. This external validation confirms that we maintain documented security processes, proactively respond to identified risks, and ensure continuous operation in compliance with standards.
Asiakkaidemme kommentteja
Frequently asked questions
Frequently asked questions
What standards is WheelQ's information security based on?
WheelQ’s information security system is built in compliance with the requirements of the ISO/IEC 27001 standard. Additionally, all data processing and surveys are implemented in compliance with EU GDPR requirements.
Where is the data geographically located, and how is it protected?
All data is stored encrypted physically within the EU (Amazon Web Services, Ireland). Data is technically segregated into a multi-tenant environment and regularly backed up.
How is personal data segregated, and how is anonymization used?
Personal data is anonymized or pseudonymized whenever possible, restricting data processing only to the contractual purpose. This protects the identity of respondents while preserving the utility of the data for analysis.
Is your system audited regularly?
Yes. The controls of WheelQ’s Information Security Management System (ISMS) are regularly audited by independent third parties. This ensures continuous compliance with the ISO 27001 standard and the effectiveness of the controls.
How are user access and authentication managed?
WheelQ offers fine-grained access control. We utilize Multi-Factor Authentication (MFA option) and identity federation (Azure AD or Google SSO). Data access is restricted per user and tenant in the backend.
What is the division of information security responsibilities between the customer and WheelQ?
WheelQ is responsible for the security of the infrastructure and applications (IaaS/PaaS/SaaS), while the customer manages their own users and data on the platform.
How does WheelQ respond to security breaches?
WheelQ notifies immediately upon detection of a data breach and responds within a maximum of 72 hours (GDPR timeframe). All incidents are logged, and root-cause analysis is conducted.
Is SFTP data transfer encrypted?
Yes. Each customer has a unique username and password. Data transfer is encrypted with the SSH protocol, and unsecured FTP is not supported.
How are software updates and changes managed?
Software updates are implemented in a controlled manner according to continuous integration and testing principles. Every version going into production is automatically tested to ensure quality and security.