At the QCA Group we take security seriously and use many of the most advanced technologies for internet security. Our security measures are also continually reviewed to make sure that the system remains at the forefront of advances in technology and that the system is available when you need it 24/7.

When you use an online QCA Group product you are using industry standard Secure Socket Layer (SSL) and private key encryption technology. Your information is also protected by server authentication and data encryption, ensuring that your data is safe and secure. The data is only available to registered users in your organisation and is completely inaccessible to your competitors or other unauthorised users.

The QCA Group also provides each authorised user with a unique user name and password that must be entered each time a user logs into the system. Users also are required to provide an answer to a question which is unique to them, to further safeguard password access.

The All corporate registrations have a unique identifier which provides a further level of security for companies, this prevents unauthorised access to valuable information. Anyone within your company wanting to use the system will be required to use this unique identifier to register and use the service.

The QCA Group may issues a session "cookie" to record encrypted authentication information for the duration of a specific session. These session "cookie" do not include the username or password of the user. The QCA Group does not use these "cookies" to store any other confidential information about the user or what has been accessed during that session. However session patterns are monitored to enable the QCA Group to enhance systems, provide a better user experience and to develop more advanced security methods from analysis of data flow.

In addition to the security already outlined the QCA Group's products are hosted in a world class secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.

Further information is available for clients by emailing security@qcacosts.com

REPORTING A POTENTIAL SECURITY VULNERABILITY

The protection of our customers data is pivotal to our business and as such, we encourage responsible reporting of any vulnerabilities that may be found in our site or system. As part of our commitment the QCA Group will not instigate legal action against security researchers that access or attempt to access our system on the basis they strictly observe the following conditions:

1. Confidentially provide details of the suspected vulnerability to settleITnow.com™ by emailing the details to security@qcacosts.com
2. The full details of the suspected vulnerability so that our team can investigate and rectify the vulnerability
    

The QCA Group does not permit the following types of security research:

1. Attempting to or causing Denial of Service (DoS)
2. Accessing, or attempting to access our clients data
3. All types of malicious damage including either attempting to, or destroying or corrupting either our or our clients data
    

Our commitment to all researchers who abide by our policy is to provide a receipt of their report in a reasonable time frame and details of how we will overcome the vulnerability and the expected timeframe to resolve the vulnerability.

NO COMPENSATION

The QCA Group will not compensate researchers for reporting a security vulnerability. Any request will be considered a breach of our conditions and as such the QCA Group reserves all of its legal rights.