Balancing Compliance and Creativity

Maintaining consistent and secure communication with the investment community is critical, making the delivery of enterprise-grade security and maximum up-time to all our clients a top priority for Q4. Working with global technology and security leaders, we have developed a world-class infrastructure that supports reliable and trusted communications across every engagement with investors. Only Q4 has made the collective investments into our people, processes, and partnerships to deliver a trusted, secure, and reliable solution built for the mission-critical importance of your investment communications.

Protecting Customer Data

Protecting Customer Data

The primary focus of Q4’s security program is to prevent unauthorized access to customer and proprietary data. To this end, our team of dedicated security practitioners, working in partnership with peers across the company, take exhaustive steps to identify and mitigate risks, implement best practices, and constantly develop ways to improve.

Certified by Leading Security Industry Organizations

Certified by Leading Security Industry Organizations

Q4 is continuously monitoring, auditing, and improving the design and operating effectiveness of our security controls. These activities are regularly performed by both third-party credentialed assessors and Q4’s internal security, privacy, risk, and compliance teams.

Global Leaders in Reliable and Secure Infrastructure

Q4 has been audited by a leading 3rd party organization, which included a full assessment of our technical infrastructure and data-handling processes.

Q4 is SOC 2

Q4 is SOC 2 - Type II Certified with ISO Compliant Processes and Procedures

For our clients, the SOC 2 - Type II audit provides the peace of mind that continuous security monitoring and best practices have been established to ensure that your information is safe at each juncture of engagement. As part of this certification, we have provided a full description of controls and processes designed and implemented, as well as the operating effectiveness over a more than six-month period.

Q4 Audited Processes

  • Data encryption
  • Formal risk management
  • Formalized access controls
  • Internal security, privacy and compliance
  • Network and application security
  • Intrusion detection system (IDS)
  • Secure data handling
  • Strict vendor management process
  • Automated monitoring systems
  • Multi-factor authentication

What is SOC - 2?

SOC (Service Organization Controls) certifications are the internal data protection controls that are implemented at a third-party service organization. SOC certifications protect the systems or data that are being accessed by third-parties.

 

SOC 2 Type II reports are the most comprehensive SOC certifications

A company that has achieved SOC 2 - Type II certification is taking a proactive approach and investing in keeping its clients’ data secure. For service providers working with cloud and IT services, this certification is critical for their regulators, examiners, and auditors.

Network Security

Network Security

Reliable, fast, and secure global infrastructure built with market leaders, including Amazon Web Services (AWS™) and Cloudflare™ enterprise DDoS and WAF service, ensures Q4 websites perform to the highest expectations of our clients. Scalable infrastructure ensures consistent routing of traffic to your website while our best-in-class CDN ensures global coverage for performance, security, and reliability in fighting malicious attacks and serving web requests closer to your audience. Continuous monitoring conducted by dedicated in-house IT security experts ensures a proactive approach to infrastructure integrity for unparalleled up-time.

Q4 Infrastructure Highlights

  • Over 99.9% website up-time
  • 24M+ unique annual website visitors
  • 200+ network nodes across 100+ global cities for rapid website performance
  • Distributed backup for natural disaster recovery in < 24 hours
  • 24/7/365 infrastructure monitoring
  • Amazon Route 53 DNS
  • ISO27001, SOC 1 SOC2, SOC3 Infrastructure
  • Dynamic routing of traffic, tested and proven to meet your earnings performance needs
  • <200 ms response time
Data Encryption

Data Encryption

All data transmitted between Q4 clients and the Q4 service is done so using strong encryption protocols. Q4 supports the latest recommended secure cipher suites to encrypt all traffic in transit, including the use of TLS 1.2 protocols, AES256 encryption, and SHA256 signatures, whenever supported by the clients. Data at rest in Q4’s production network is encrypted using NIST compliant encryption standards, which applies to all types of data at rest within Q4’s systems. We have implemented appropriate safeguards to protect the creation, storage, retrieval, and destruction of private details such as encryption keys and service account credentials. In addition, we use a combination of storage and caching technologies to ensure customer data is protected from hardware failures and is served quickly, from anywhere in the world, when requested.

Dedicated In-House Support and Security Expertise

A white-glove approach to security ensures that Q4 looks after all critical website needs with intelligent and scalable solutions that protect your message from malicious attacks.

Stress-free Security

Stress-free Security

We build SSL secure websites (HTTPS) and fully manage the process on behalf of clients, requiring no future concern as Q4 ensures it is up-to-date. Additionally, the combined Amazon Web Services (AWS™) and Cloudflare™ technology ensure a fully managed distributed-denial-of-service (DDoS) protection for accurate and comprehensive coverage to protect against zero-day vulnerabilities.

Expert Support at Every Touchpoint

Expert Support at Every Touchpoint

From first engagement, through monitoring, to support - you always work with the in-house Q4 team of 400+ IR-focused experts to drive your website performance and security. The importance of your message requires a team trained to understand investor relations. Q4 design experts draw from years of experience to meet all SEC and regulatory requirements while a dedicated team works with you to manage confidential assets, disclosure, and ensure all processes follow SOC 2 - Type II requirements. The security and support team based in North America and Western Europe work 24/7/365 to deliver timely updates.