Security & Compliance at QuesGen

QuesGen is committed to maintaining the highest standards of data protection, system security, and operational integrity. Our platform and processes are built on a foundation of transparency, continuous improvement, and verified compliance.


Governance

QuesGen’s Security and Privacy teams establish and enforce policies and controls across the organization. These are monitored in real time and validated by third-party audits.


Security Certifications & Compliance

QuesGen maintains an active SOC 2 Attestation. Our most recent attestation was issued August 6, 2025, and can be provided upon request or via our Trust Center.

We follow NIST 800-171 guidelines and use the Vanta platform for compliance automation and continuous monitoring.


Data Protection

Data at Rest

All databases and storage buckets are encrypted using AWS KMS. Sensitive fields are encrypted before they are stored, which adds a layer of protection beyond physical and logical access controls.

Data in Transit

We enforce TLS 1.2+ for all network transmissions and use HTTP Strict Transport Security (HSTS). TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.

Secret Management

We use AWS KMS, Secrets Manager, and Parameter Store to protect secrets and credentials. Keys are stored in Hardware Security Modules (HSMs), inaccessible to both AWS and QuesGen personnel.


Product Security

Penetration Testing

Independent penetration testing is conducted annually. Our current partner is Trace Security. Reports are made available upon request.

Vulnerability Management

Enterprise Security

Vendor Risk Management

Vendors are assessed based on data access, production integration, and brand risk. Reviews are conducted annually with required corrective actions.

Security Training

All employees receive security training during onboarding and annually. Regular security briefings are delivered throughout the year.

Identity and Access Management

We are migrating to AWS Cognito (as of Q3 2025). Access is role-based and automatically revoked upon employee termination.


Data Privacy

We treat data privacy as a core responsibility. Our privacy policy, updated annually, defines our obligations and is published on our website. All client agreements explicitly affirm our compliance with privacy and security standards.


Cloud Infrastructure

Since migrating to AWS in 2022, QuesGen has deployed a fully cloud-based infrastructure with automated recovery, IaC-based re-deployments, and daily backups replicated across availability zones.

Key AWS tools in use include RDS, EC2, CloudWatch, GuardDuty, Inspector, VPC, Secrets Manager, SES, and more.