Secure, dependable proposal automation software

For the QorusDocs product, a Service Organization Controls (SOC) 2 Type II report is maintained. The audit is performed by an independent third-party evaluator certified by the American Institute of CPAs (AICPA). This audit uses the Trust Services Principles (Security and Privacy), published by AICPA, to evaluate the effectiveness of a service organization’s controls. QorusDocs can provide SOC 2 Type II report and attestations of compliance, upon request, at security@qorusdocs.com. QorusDocs is committed to continuous compliance and has implemented measures to keep the implemented SOC controls current.

QorusDocs stores a minimum of Personally Identifiable Information (PII), and only as defined by our client to deliver the Services. QorusDocs follows the policies below that are relevant to General Data Protection Regulation (GDPR):

• Lawful Basis for Processing: QorusDocs processes data to fulfil the performance of our contract with our clients, with each Client acting as the data controller responsible for determining the lawful basis for processing.
• Data Subject Rights: QorusDocs reasonably supports Clients, as data controllers, in responding to data subject requests in accordance with applicable data protection laws.
• Data Security: QorusDocs implements robust technical and organizational measures to safeguard Client data.
• Data Deletion: QorusDocs retains personal data only as long as necessary to provide our services and deletes or returns data upon contract termination.
• Sub-processors: QorusDocs engages trusted sub-processors who meet our security and privacy standards and ensures appropriate safeguards for international data transfers.

For more details about QorusDocs’ GDPR compliance, contact security@qorusdocs.com.

QorusDocs uses EU Standard Contractual Clauses (SCCs) and UK SCCs as legal mechanisms for data transfer because they provide a secure framework for cross-border data flows. These clauses ensure compliance with data protection laws when transferring personal data from the European Economic Area (EEA) and the UK. By incorporating SCCs into contracts, we demonstrate our commitment to safeguarding user privacy and mitigating risks associated with data transfers across different jurisdictions.

The Data Processing Agreement (DPA) serves as a legally binding contract that outlines the rights and obligations of the parties involved in processing personal data. The DPA sets out the scope, nature, and purpose of processing, the types of data involved, and the responsibilities of both parties to protect the privacy and security of the data.

https://www.qorusdocs.com/dpa/ 

QorusDocs is acting as a Data Processor under the GDPR or a Service Provider under the CCPA. We comply with prevailing privacy laws and regulations. We ensure that our sub-processors are also compliant and enter into the necessary DPA/SCC legal agreements to satisfy the requirements of the laws.

https://www.qorusdocs.com/subprocessors/ 

QorusDocs upholds stringent security protocols and procedures to safeguard personal information, aligning with regulatory standards such as the GDPR and CCPA. Technical measures encompass both physical and electronic protections, including encryption and access restrictions. Organizational measures pertain to the implementation of policies and procedures that guarantee secure data handling by employees, consistent with privacy legislation. Collectively, these strategies provide a robust shield against threats to data security.

https://www.qorusdocs.com/securitymeasures/