Security
Security at QuoteWerks
QuoteWerks Web provides options to control how users access the system, where data is hosted, and how it is handled within the platform.
This page provides an overview of authentication, hosting, and security-related practices.
Authentication, hosting, and data practices for QuoteWerks Web
Access Control
Authentication Options
Configure how users log in to QuoteWerks Web
QuoteWerks Web supports multiple authentication methods that can be configured based on your environment.
Available options include:
- Multi-factor authentication (MFA)
- Authenticator apps
- Text message verification
- Duo Security push-based authentication
- Single Sign-On with Microsoft Azure Active Directory
Authentication and access policies are configurable, allowing organizations to define and enforce requirements based on their internal standards.
Hosting
Data Hosting and Infrastructure
Where QuoteWerks Web is hosted
QuoteWerks Web, QuoteValet, VendorRFQ, database hosting services, and ClarityWerks hosted offerings are provided through Microsoft Azure in the Central US region (unless otherwise communicated).
Azure provides infrastructure capabilities such as redundancy, backup, and platform-level security controls.
Organizations may also choose to host their QuoteWerks database within their own environment depending on their requirements.
Data
Data Handling and Protection
How data is processed and secured
- Customer data is processed, stored, and transmitted to operate and support the QuoteWerks service
- Customer data is not used for unrelated purposes
- Data in transit is encrypted using TLS 1.2 or higher
- Data at rest is encrypted using Azure-managed encryption services (AES-256 where applicable)
Authorization
Access Control and Isolation
Managing user access within the platform
Access to QuoteWerks Web is managed through role-based access control and tenant-level isolation.
Access is configured based on the principle of least privilege, allowing organizations to control how users interact with data and system functionality.
Authentication and access control settings are configurable at the tenant level.
Practices
Security Practices and Approach
How security is maintained
QuoteWerks aligns with industry practices and frameworks such as the NIST Cybersecurity Framework.
Security processes are maintained as part of ongoing operational practices and are continually reviewed and improved.
Detailed internal security controls are not publicly disclosed.
Reliability
Backup and Recovery
Supporting data restoration and continuity
Backup and recovery processes are maintained as part of ongoing operational practices to support data restoration in the event of an incident.
These processes are aligned with the underlying cloud infrastructure and operational practices used to support the platform.
Responsibility
Shared Responsibility Model
Understanding roles in security
Security within QuoteWerks Web follows a shared responsibility model.
- Microsoft Azure is responsible for infrastructure-level security, including physical data centers, networking, and platform services
- QuoteWerks is responsible for application-level security, access control, and operational practices
- Customers are responsible for configuring authentication, access policies, and data usage in alignment with their requirements
Responsibility
Customer Responsibilities
Using the platform in alignment with your requirements
Customers are responsible for ensuring that their use of QuoteWerks Web aligns with applicable regulatory and compliance requirements.
The platform provides configurable controls, but how those controls are applied is determined by each organization.
Internal
Internal Security Practices
Employee and operational safeguards
QuoteWerks maintains internal practices to support operational security.
All employees are required to complete Federal, State, and Local background checks prior to employment.
Reporting
Report a Security Issue
How to report potential vulnerabilities
If you discover a potential security issue, please report it to:
Include a summary of the issue and any relevant details to help reproduce it.
Please report vulnerabilities responsibly and avoid actions that could impact other users or system performance.