Knowledge Technology Solutions, Inc., d.b.a. Quester®, an Iowa corporation (“Knowledge Technology Solutions,”, “Quester”, “we,” or “us”) is committed to protecting our clients’ and partners’ data with the highest standards and integrity.  For a complete detailed white paper of our security systems, download our white paper and view our privacy policy.

Comprehensive Information Security Program
Quester values our clients and partners.  We take the obligation of protecting the confidentiality, integrity, and availability of the data entrusted to us seriously.  We understand and agree that protection of your confidential data is your most important concern when partnering with us.  To fulfill our commitment to protecting your confidential data, Quester has implemented and maintains a comprehensive Information Security Program that utilizes the framework NIST Cybersecurity Framework (CSF) 2.0.

General Data Protection Regulation (GDPR)
At Quester we place an emphasis, on safeguarding the privacy of our clients and partners making it a central focus throughout our organization. This commitment goes beyond the US market as we have taken measures to comply with the General Data Protection Regulation (GDPR). Our actions involve enforcing data protection policies, conducting reviews and providing continuous training to our team members. Moreover, we have invested in cutting edge technologies to protect information and have put in place procedures for managing any data breaches. These initiatives demonstrate our dedication to upholding the standards of privacy and data security, on a global scale.

Vendor Management Program
Questers Vendor Management Program aims to discover and address risks related to third party vendor services. The program includes examining audits and penetration tests carried out on these vendors.

Review Process:

  • Independent Audits: Checking the third-party audits to verify they align with industry norms.
  • Penetration Testing: Scrutinizing the outcomes of penetration tests to pinpoint any security vulnerabilities.

Risk Assessment:

  • In cases where audits or tests fall short or uncover control deficiencies vendors are required to fill out a security risk assessment questionnaire.
  • Questers security team then evaluates the responses to determine if further scrutiny is necessary.

Certification Requirement:

  • All vendors need to possess SOC 2 certification demonstrating their adherence to data security and privacy standards. This initiative ensures that Quester exclusively collaborates with vendors upholding security measures.

Respondent Confidentiality and Participation
Quester understands the importance of consumers and respondents when performing market research.  We respect respondents’ privacy and hold their data to the same high standards as our clients and partners.  Respondent data is anonymous whenever possible and is not reported individually, but in the aggregate.  Respondent participation is completely voluntary, and consent is always required to collect your data.  Quester is a member of the Insights Association and upholds their Best Practices when it comes to market research.

Responsible Disclosure Policy
Quester values the responsible disclosure of security vulnerabilities in our systems. If you discover a potential vulnerability, please follow these guidelines:

  1. Report the Vulnerability: Email us at security@quester.com with a detailed description of the issue, including steps to reproduce it and its potential impact.
  2. Confidentiality: Do not share or publicly disclose the vulnerability until we have addressed and resolved it.
  3. Non-Destructive Testing: Ensure your testing does not exploit or damage our systems beyond what is necessary to confirm the vulnerability.
  4. Respect User Privacy: Do not access, disclose, or modify user data without explicit permission during testing.
  5. Legal Protection: We pledge not to take legal action against researchers who act in good faith and adhere to this policy.

After receiving your report, we will acknowledge it and work to resolve the issue promptly. We appreciate your efforts in helping us maintain the security of our systems.

System Availability and Changes
Quester is committed to communicating system changes and outages to our clients and users. Depending on the scope the change will be communicated via email or reported on this page. As of 5:51 AM, Thursday, December 19, 2024 (CST) all systems are operational.

For additional information, please see our detailed white paper or contact us at security@quester.com.

Last reviewed and modified on August 18, 2024