
ISO 27001 Certified · Cyber Essentials Plus

Security & Compliance

Your QHSE data deserves enterprise-grade protection. Q-Hub is built from the ground up with security at its core — independently audited, continuously monitored, and trusted by 500+ organisations.

UK Data Centres · AES-256 Encryption · 99.9% Uptime SLA · 24/7 Monitoring

Independently Verified Security

We hold the industry's most rigorous certifications, validated by accredited third-party auditors.

ISO/IEC 27001

Internationally recognised information security management system. Audited annually by UKAS-accredited certification bodies covering all 114 Annex A controls.

Cyber Essentials Plus

UK Government-backed certification with hands-on technical verification. Demonstrates robust protection against the most common cyber threats.

SOC 2 Type II

Independent audit of our security, availability, and confidentiality controls. Covers trust service criteria across all platform operations and data handling.

GDPR Compliant

Full compliance with the UK General Data Protection Regulation and Data Protection Act 2018. Registered with the ICO. Data Protection Officer appointed.

Your Data, Protected at Every Layer

Military-grade encryption, geographically redundant UK data centres, and automated backups ensure your QHSE data is always safe and recoverable.

UK Data Centres

All data stored exclusively within UK-based, Tier 3+ data centres. Your data never leaves UK jurisdiction, ensuring full compliance with UK data sovereignty requirements.

Encryption at Rest (AES-256)

All stored data is encrypted using AES-256 bit encryption — the same standard used by government and military organisations worldwide.

Encryption in Transit (TLS 1.3)

All data transmitted between your browser and Q-Hub is protected with TLS 1.3 encryption. Older, vulnerable protocols are disabled entirely.

Daily Automated Backups

Incremental backups run daily with 30-day retention. Full snapshots are taken weekly and stored in a separate geographic region for disaster recovery.

Disaster Recovery

Documented DR plan tested quarterly. Recovery Point Objective (RPO) of 1 hour and Recovery Time Objective (RTO) of 4 hours for critical systems.

Data Portability

Full data export in standard formats (CSV, JSON, PDF) at any time. No vendor lock-in. Your data remains yours — always.

Enterprise-Grade Identity & Access Management

Control exactly who can access what, with granular permissions and industry-standard authentication protocols.

  • Role-based access control (RBAC) — Define granular permissions by role, department, or site. Full audit trail of all permission changes.
  • Single sign-on (SSO/SAML 2.0) — Integrate with your existing identity provider. Supports Azure AD, Okta, Google Workspace, and any SAML 2.0 or OIDC provider.
  • Multi-factor authentication (MFA) — Enforce MFA across your organisation via TOTP authenticator apps, SMS, or hardware security keys.
  • IP whitelisting — Restrict platform access to approved IP ranges, ensuring only authorised networks can connect.
  • Session management — Configurable session timeouts, forced re-authentication, and the ability to remotely terminate active sessions.

Complete Visibility Into Every Action

Every interaction within Q-Hub is logged with a tamper-proof audit trail.

  • Immutable audit logs — Every login, data change, download, and permission change is recorded with timestamp, user identity, and IP address.
  • Exportable for compliance — Download audit logs in CSV format for regulatory submissions, internal audits, or forensic investigations.
  • Real-time alerts — Automated notifications for suspicious activity, failed login attempts, and bulk data operations.
  • 7-year retention — Audit logs are retained for seven years to support long-term regulatory and legal requirements.
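As an added illustration, not Q-Hub code, here is the kind of check a customer's security team could run over an exported audit log to reproduce the alerts described above: a burst of failed logins from one account, and a user performing a bulk download. The CSV column layout (timestamp, user, action, ip, result) and the sample rows are constructed for this example; the real export format is not documented on this page.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. The column layout is an assumption for this
# example; the page does not document the actual CSV schema.
SAMPLE_AUDIT_CSV = """timestamp,user,action,ip,result
2024-05-01T08:00:00Z,alice@example.com,login,203.0.113.10,success
2024-05-01T08:01:10Z,bob@example.com,login,198.51.100.7,failure
2024-05-01T08:01:25Z,bob@example.com,login,198.51.100.7,failure
2024-05-01T08:01:41Z,bob@example.com,login,198.51.100.7,failure
2024-05-01T08:02:03Z,bob@example.com,login,198.51.100.7,failure
2024-05-01T08:02:20Z,bob@example.com,login,198.51.100.7,failure
2024-05-01T08:30:00Z,alice@example.com,download,203.0.113.10,success
2024-05-01T09:15:00Z,carol@example.com,download,203.0.113.44,success
2024-05-01T09:15:05Z,carol@example.com,download,203.0.113.44,success
2024-05-01T09:15:09Z,carol@example.com,download,203.0.113.44,success
2024-05-01T09:15:12Z,carol@example.com,download,203.0.113.44,success
2024-05-01T09:15:20Z,carol@example.com,download,203.0.113.44,success
2024-05-01T09:15:31Z,carol@example.com,download,203.0.113.44,success
2024-05-01T10:00:00Z,dave@example.com,permission_change,203.0.113.9,success
"""


def parse_audit_csv(text):
    """Parse the exported CSV into dicts with a real datetime timestamp."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append(row)
    return rows


def burst_events(rows, predicate, threshold, window):
    """Return {user: total matching events} for every user who has at least
    `threshold` events matching `predicate` inside some sliding `window`."""
    per_user = defaultdict(list)
    for r in sorted(rows, key=lambda r: r["timestamp"]):
        if predicate(r):
            per_user[r["user"]].append(r["timestamp"])
    hits = {}
    for user, times in per_user.items():
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[user] = len(times)
                break
    return hits


def find_alerts(rows, fail_threshold=5, fail_window=timedelta(minutes=5),
                bulk_threshold=5, bulk_window=timedelta(minutes=10)):
    """Produce (alert_type, user, event_count) tuples for the two detections.
    Thresholds and windows are illustrative defaults, not Q-Hub's settings."""
    alerts = []
    failed = burst_events(
        rows,
        lambda r: r["action"] == "login" and r["result"] == "failure",
        fail_threshold, fail_window)
    for user, n in sorted(failed.items()):
        alerts.append(("failed_logins", user, n))
    bulk = burst_events(
        rows,
        lambda r: r["action"] == "download" and r["result"] == "success",
        bulk_threshold, bulk_window)
    for user, n in sorted(bulk.items()):
        alerts.append(("bulk_download", user, n))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(parse_audit_csv(SAMPLE_AUDIT_CSV)):
        print(alert)
```

Running the script flags bob (five failed logins in just over a minute) and carol (six downloads in half a minute) while alice's single download stays below threshold; the sliding-window approach avoids the blind spot of fixed time buckets, where a burst straddling a bucket boundary is split in two and missed.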

Built for Reliability at Scale

Hosted on enterprise cloud infrastructure in the UK with redundancy, auto-scaling, and round-the-clock monitoring.

  • 99.9% Uptime SLA
  • 24/7 Monitoring & Alerting
  • <200ms Average Response Time
  • 2 UK Availability Zones

AWS UK Region

Hosted on AWS eu-west-2 (London) with data residency in the UK. SOC 2, ISO 27001, and ISO 27018 certified infrastructure.

Redundant Architecture

Multi-AZ deployment with automatic failover. No single point of failure across compute, storage, or networking layers.

24/7 Monitoring

Continuous infrastructure monitoring with automated alerting. Our operations team responds to critical incidents within 15 minutes, day or night.

Auto-Scaling

Dynamic resource allocation ensures consistent performance during peak usage. No performance degradation regardless of concurrent user count.

DDoS Protection

Enterprise-grade DDoS mitigation via AWS Shield. Automated traffic filtering protects against volumetric, protocol, and application-layer attacks.

Change Management

All infrastructure changes follow a documented change management process with peer review, staging validation, and rollback procedures.

Regulatory Compliance Built In

Q-Hub is designed to help you meet the world's most demanding regulatory requirements. Our platform and processes align with major compliance frameworks.

  • UK GDPR & Data Protection Act 2018 — Lawful basis for processing, data minimisation, and data subject rights fully implemented.
  • ISO 27001 Annex A controls — All 114 controls assessed and implemented where applicable. Statement of Applicability available on request.
  • ICO Registration — Registered as a data controller and data processor with the UK Information Commissioner's Office.
  • NCSC Cyber Security Principles — Architecture designed in alignment with the UK National Cyber Security Centre's guidance.

Continuous Vulnerability Management

We don't just build secure software — we continuously prove it through independent testing and proactive vulnerability management.

  • Annual penetration testing — Conducted by CREST-accredited third-party providers. Results and remediation evidence available under NDA.
  • Automated vulnerability scanning — Continuous SAST/DAST scanning integrated into our CI/CD pipeline. Critical findings addressed within 24 hours.
  • Responsible disclosure programme — Documented vulnerability disclosure policy. Security researchers can report findings to info@q-hub.co.uk.
  • Dependency management — Automated monitoring and patching of all third-party libraries and dependencies for known CVEs.

Data Processing Agreement & Sub-Processors

We maintain a comprehensive Data Processing Agreement (DPA) that meets UK GDPR requirements. A copy is available on request or as part of our standard contracts.

Current Sub-Processors

The following third-party sub-processors are used in the delivery of Q-Hub services. All sub-processors are contractually bound to equivalent data protection standards.

Sub-Processor            Purpose                            Location
Amazon Web Services      Cloud infrastructure & hosting     UK (London)
Cloudflare               CDN, DDoS protection & WAF         UK / Global edge
SendGrid (Twilio)        Transactional email delivery       EU
Stripe                   Payment processing                 UK / EU
Intercom                 Customer support chat              EU

Customers are notified 30 days in advance of any new sub-processor additions. For the full DPA or to request changes, contact info@q-hub.co.uk.

Security Questions, Answered

Common questions from IT teams, procurement leads, and compliance officers evaluating Q-Hub.

Where is our data stored?

All Q-Hub data is stored exclusively in UK-based data centres operated by Amazon Web Services (AWS eu-west-2, London). Data is replicated across multiple availability zones within the UK for redundancy. Your data never leaves UK jurisdiction unless you explicitly request it.

Can we see your certifications and penetration test results?

Yes. Our ISO 27001 certificate is available on request. Penetration test executive summaries are available under NDA. Please contact your account manager or email info@q-hub.co.uk to request copies.

Do you support Single Sign-On?

Yes. Q-Hub supports SAML 2.0 and OpenID Connect (OIDC) for Single Sign-On. We integrate with all major identity providers including Microsoft Azure Active Directory, Okta, Google Workspace, and OneLogin. SSO is available on our Pro and Enterprise plans.

What happens to our data if we cancel?

Upon cancellation, you have 30 days to export all your data in standard formats (CSV, JSON, PDF). After the 30-day grace period, all data is permanently and securely deleted from our systems, including backups, within 90 days. A certificate of destruction is available on request.

How do you handle security incidents?

Q-Hub maintains a documented Incident Response Plan aligned with ISO 27001. In the event of a security incident, affected customers are notified within 72 hours as required by UK GDPR. Our incident response team operates 24/7 with defined escalation procedures, containment protocols, and root cause analysis workflows.

Can you complete our security questionnaire?

Absolutely. We regularly complete SIG, CAIQ, and bespoke security questionnaires for enterprise customers. We maintain a pre-completed security pack including our ISO 27001 certificate, SOC 2 report, penetration test summary, DPA, and sub-processor list. Contact info@q-hub.co.uk or your account manager to get started.

Ready to See Q-Hub's Security First-Hand?

Book a personalised security walkthrough with our team. We'll answer your questions, share documentation, and demonstrate our enterprise security controls.