PDQ security
We know how important the security of our products is. We're a bunch of former sysadmins ourselves. That’s why every decision we make revolves around ensuring our products are safe to use for managing your devices.
Our mission is to make device management simple, secure, and pretty damn quick.
We use a blend of top-tier security measures and evaluations of our applications, systems, and networks to safeguard your data — guaranteed.
Compliance
At PDQ we take pride in our commitment to security. That’s why we adhere to industry standard security practices and policies, backed up by a handful of compliance certifications and attestations.
Security
We are in process or already compliant with the following security frameworks:
SOC 2: PDQ is SOC 2 compliant and will continue to undergo routine audits for updated reports. Request the latest SOC 2 report.
Data privacy and protection
We are compliant with the following data privacy and protection frameworks:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Operational security
As a company made up of former sysadmins, we absolutely get the significance of security. That's why we're always in the loop with the latest security practices and industry standards.
System access
PDQ enforces a role-based access control (RBAC) policy over defined subjects and objects. PDQ controls access based upon defined roles and users authorized to assume such roles. By doing so, PDQ ensures that user access to in-scope system components is based on job role and function.
PDQ ensures that, at minimum, the RBAC policy establishes and enforces RBAC on the following elements:
Core business suite
Software development system
Cloud service providers (CSPs)
Other business-critical systems
Vulnerability protection
PDQ has established a vulnerability monitoring and scanning program designed to monitor and scan for internal and external vulnerabilities in systems and hosted applications at least weekly (or more randomly) to identify, quantify, and prioritize vulnerabilities. PDQ also identifies and implements code analysis tools in the organization’s development pipeline to regularly scan both static and dynamic codebases to check for vulnerabilities. Processes ensure that the scope of any vulnerability is defined and documented prior to the initiation of a vulnerability assessment.
PDQ also ensures that all findings from vulnerability scans are analyzed and documented on a weekly basis and remediated in accordance with the organization's risk tolerance. PDQ shares information obtained from the vulnerability monitoring process and control assessments with key stakeholders to help eliminate similar vulnerabilities in other systems.
Employee training
All PDQ employees are required to complete mandatory security training on a regular basis. This includes (but is not limited to) training on the following topics:
Social engineering
Phishing
Physical security
Mobile device security
Social media use
Sub-processors
Below is a listing of the sub-processors we utilize and the purpose for each engagement.
Auth0: Authentication
Cloudflare: Cloud infrastructure
Google Analytics / Adwords: Analytics, metrics, and marketing
Google Cloud: Cloud infrastructure
Hightouch: Data sync
HubSpot: Customer support
Microsoft Azure: Cloud infrastructure
Microsoft Office 365: Email
MixPanel: Analytics
NewRelic: Service performance monitoring
ProfitWell: Financial analytics
PowerBI: Business intelligence
Sentry: Cloud infrastructure
Sendgrid: Email automation
Salesforce: Customer support
Stripe: Payment processing
Twilio: Cloud infrastructure
UserVoice: Customer support
Zapier: Business automation
ZenDesk: Customer support
Our suite of secure products
While the software solutions we provide at PDQ are not security products in and of themselves, we believe they play a crucial part in the security strategy of any organization — helping sysadmins securely manage devices. Learn more in each product’s in-depth security guide.
