HOW DOES QX IMPLEMENT AND MAINTAIN THE STRICTEST QUALITY AND DATA PROTECTION CONTROLS?
Quality Management System (QMS)
With a clear emphasis on measuring process effectiveness and performance, QX follows the globally-accepted ISO 9001:2015 quality management system (QMS). In addition to giving us access to industry best practices, the adoption of a BSI-accredited, ISO framework helps us continually monitor and improve our procedures and processes.
To maintain rigorous quality control, we undertake regular training and audits. Our internal auditors verify the efficiency and effectiveness of our procedures and revise them, wherever needed. Moreover, to ensure that business objectives continually feed into our processes we validate our quality management system by third-party auditors.
- Our clients feel confident in QX’s ability to deliver services that meet their needs and requirements.
- We are better equipped to analyse and understand the efficient use of available resources – materials, processes, workforce, technology and information.
- Through our compliance with a quality management system, we display our commitment to quality and excellence to our clients.
Information Security Management System (ISMS)
Following a successful audit by the British Standards Institution (BSI), QX earned the internationally recognised ISO 27001:2022 certification for its information security management system. The British Standards Institute’s ISO 27001:2022 is the current best-in-class standard for Information Security Management Systems.
QX follows security guidelines such as:
- Data access is restricted to authorized users only
- All methods of data transfers to external sources are controlled
- Removable storage devices like pen drives, smartphones, etc. are blocked on workstations
- Access to Internet sites (email, FTP, online storage etc.) is blocked by the use of an industry class firewall device
- All workstations are protected by an enterprise-level Antivirus solution, which is continuously updated.
- All operations areas are protected by a magnetic door locking mechanism with access only to department members.
- All main doors are manned by security officers, with 24×7 CCTV camera monitoring
- Users are periodically made aware of IT policies and security measures
QX recognises the need for such certification and acknowledges that ISO 27001:2022 indeed ensures appropriate controls to securely protect information and intellectual property. As an ISO 27001:2022 compliant organisation, we treat information as the most valuable asset and continually assesses our systems to ensure the highest level of information security.
Privacy Information Management System (PIMS)
QX has now started to establish and grow its business across different countries, and considering the diversity of stringent privacy law requirements, it was imperative for us to implement controls and measures that are in alignment with these requirements. That’s where QX implemented the ISO 27701 standard for global privacy management followed by a successful audit by the BSI.
ISO 27701 is the best practice structure for a privacy information management system that is aligned with the core principles of data protection. It is a privacy extension to the international Information Security Management Standard, ISO 27001. It specifies the requirements for – and provides guidance for establishing, implementing, maintaining and continually improving – a PIMS (Privacy Information Management System). It is based on the requirements, control objectives and controls of ISO 27001, and includes a set of privacy-specific requirements, controls and control objectives.
Cyber Essential Plus Certification
QX Global Group is now Cyber Essential certified, which demonstrates that the company has vigorous IT defences that are designed to contest cyber-attacks. The scheme has been designed by the UK Government to help organisations mitigate internet-based risks.
The five basic controls within Cyber Essentials were chosen because, when properly implemented, they will help to protect against unskilled internet-based attackers using commodity capabilities – which are freely available on the internet. The scheme addresses five key controls (below), that when implemented correctly can prevent 80% of cyber-attacks.
- Boundary firewall and gateways
- Secure configuration
- Malware protection
- Patch management
- Access Control
SOC 2
The British Standards Institute (BSI), conducted a very thorough audit of the internal control framework at QX and vetted our system and organization controls that were deployed with respect to the ‘5 trust principles’. The SOC 2 report offers detailed information and assurance vis-à-vis the set of controls in place at QX relevant to aspects such as security, availability, the integrity of the system processing client data and also the confidentiality and privacy of all data processing.
The audit determined that QX is a SOC 2 Type II compliant organization. In SOC 2 parlance, Type I is a description of all the systems deployed by the vendor and the auditor assesses whether the system design is in perfect sync with the required trust principles. Type II goes one step beyond and describes the effectiveness of all the systems that the organization has implemented to meet SOC 2’s trust principles.
QX Robo 1040, your go-to solution for personal federal income tax returns for U.S. residents, proudly meets the rigorous AICPA SOC2 standards. Developed by QX Accounting Services, This intuitive software simplifies the tax filing process, making the complex Form 1040 straightforward and stress-free. QX Robo 1040 is compliant with AICPA SOC2 requirements. With SOC2 compliance, QX Robo 1040 ensures the highest levels of security and reliability, making your tax season straightforward and worry-free.
Download our Privacy Policy here
Privacy Policy
GDPR
Our Commitment To Security And Regulatory Compliance
Being one of the UK’s leading suppliers of accounting, finance and accounts, payroll and recruitment process outsourcing services, we are committed to implementing the GDPR. Our team ensures that our clients and our businesses are prepared for GDPR before we commence the processing. We are ISO 27001 and ISO 27701 compliant organization and these standards validate the measures we have taken to;
- Enable compliance to GDPR requirements,
- And protect confidentiality, integrity and availability of our client data.
QX Global Group has always honoured its clients’ right to data privacy and protection. We are the first outsourcing company in India to become GDPR compliant.
Mission Kaizen
The implementation of “Kaizen” at QX by the department of Quality and Business Excellence (QBX) has been branded by the term “QX Mission Kaizen – Power of 1000 minds” introduced in September 2020.
Six Sigma Green and Black Belt professionals lead this initiative and defined the policy and processes to execute and manage QX Mission Kaizen. Through this initiative, we look for opportunities for improvement which translate into time, effort, accuracy, and cost savings for QX and our clients.
Learn More
Champions Project
The QX Champions Project is an initiative launched by our Quality and Business Excellence department to cultivate lean Six Sigma expertise, creating a skilled workforce focused on process excellence, waste elimination, cost reduction, quality improvement, TAT reduction, efficiency improvement, and additional revenue generation for QX and our clients.
Our initiative includes Lean Six Sigma Green Belt training from the Lean 6 Sigma Pro Training Institute for selected managers and AVPs, led by QX’s Green and Black Belt professionals who define project policies and processes.
Learn More