Trust Center
Enterprise-grade security practices for every engagement. We protect your data with the same rigor we apply to finding your vulnerabilities.
Security Practices
- ✓Assessment data encrypted at rest (AES-256) and in transit (TLS 1.3)
- ✓Data retained per engagement contract terms, securely deleted upon completion
- ✓Dedicated assessment environments isolated per client
- ✓No customer data leaves the assessment environment
- ✓Air-gapped assessment option available for sensitive environments
Framework Alignment
- ✓NIST PQC Standards (FIPS 203/204/205 — ML-KEM, ML-DSA, SLH-DSA)
- ✓NIST SP 800-57 Key Management, FIPS 140-3 Cryptographic Modules
- ✓SOC 2 Type II controls (Zoho and Azure certified infrastructure)
- ✓ISO 27001 Information Security Management
- ✓CMMC preparation services for defense supply chain
- ✓PCI-DSS 4.0 cryptographic assessment requirements
Personnel Security
- ✓Background-checked assessment teams
- ✓NDA-bound personnel on every engagement
- ✓Team members with prior security clearances (NSA, CIA, DIA, Air Force)
- ✓Continuous security awareness training
- ✓Segregation of duties across assessment phases
Enterprise Authentication
- ✓Single Sign-On (SSO) integration via SAML 2.0
- ✓Support for major identity providers (Okta, Azure AD, Google Workspace)
- ✓Role-based access control (RBAC) for multi-user teams
- ✓Just-in-time (JIT) user provisioning
- ✓Contact our team to configure SSO for your organization
Assessment Methodology
- ✓Standards-based: NIST SP 800-57, FIPS 140-3, NIST IR 8547
- ✓CVSS 3.1 vulnerability scoring with quantum-specific extensions
- ✓Automated cryptographic inventory (60+ detection modules)
- ✓Manual expert validation of all critical/high findings
- ✓Reproducible results with documented evidence chains
Data Handling
- ✓Assessment artifacts stored in encrypted, access-controlled repositories
- ✓Client data never used for training, marketing, or secondary purposes
- ✓Data residency: US-only option available
- ✓Secure deletion certificates provided upon engagement close
- ✓Incident response: 24-hour notification for any data security events
Available on Request
- ✓Cloud provider SOC 2 reports (under mutual NDA)
- ✓Penetration test summary for Qtonic Quantum infrastructure
- ✓Completed security questionnaire (SIG Lite, CAIQ, custom)
- ✓Sample Master Services Agreement (MSA)
- ✓Sample Statement of Work (SOW)
- ✓Certificate of Insurance
Cloud Infrastructure Certifications
Qtonic Quantum is built on SOC 2 Type II and ISO 27001 certified cloud infrastructure. Below are the certifications held by our cloud provider that your data benefits from.
SOC Reports
ISO 27000 Series
Certificates are issued to Zoho Corporation. Qtonic Quantum inherits these controls as a customer of Zoho's certified cloud infrastructure.
Need Compliance Documentation?
SOC 2 reports, security questionnaire responses, and sample agreements available under mutual NDA during engagement scoping.
Request Documentation
Related Content
Methodology & Proof Points
Board Number scoring, quantum hardware validation, and sample deliverables.
About Qtonic Quantum
Independent quantum security advisory with former intelligence community leadership.
Government & Defense
SAM.gov registered. CNSA 2.0 aligned. Execution infrastructure for federal PQC transition.
Enterprise Solutions
Integrated quantum security solutions for Fortune 1000 and regulated industries.
Assessment Services
Active Verification rapid assessment, Qstrike26 quantum testing, Qsolve26 CISO-led PQR advisory.