Independently audited, continuously monitored, and built on zero-trust principles. Your data is protected by the same controls you’re using Quays to enforce.
Annual third-party audit covering security, availability, confidentiality, and processing integrity.
Information Security Management System certified by an accredited body. Annual surveillance audits.
Full compliance with EU General Data Protection Regulation. EU data residency available.
Business Associate Agreements available for covered entities. Aligned with HITECH security rule.
California Consumer Privacy Act compliant. Full data subject rights honored.
Validated environments for life sciences customers. Compliant e-signatures and audit trails.
AI-powered analysis continuously scans your QMS for missing controls, outdated SOPs, untrained personnel, and overdue reviews — the equivalent of CVE scanning, but for compliance gaps.
AES-256 at rest, TLS 1.3 in transit. Customer-managed encryption keys (BYOK) available on Enterprise. Field-level encryption for PII and PHI.
Multi-region active-active deployment on AWS. Hardened images. Continuous vulnerability scanning. Quarterly third-party penetration testing.
SAML 2.0 SSO with any IdP. SCIM 2.0 auto-provisioning. Granular RBAC down to the field level. IP allow-listing. MFA enforcement and session controls.
32 pages on architecture, controls, and certifications.
Available under NDA via the Trust Center.
Most recent third-party penetration test results.
Pre-signed Data Processing Addendum and HIPAA BAA.
We welcome security research. If you believe you’ve found a vulnerability, please email security@quays.io with details. We commit to acknowledging reports within 48 hours and providing a triage update within 5 business days. Coordinated disclosure preferred. Public Bug Bounty live on HackerOne.