Security Program Highlights


Last Updated: August 23, 2024

Data Security
IQware encrypts data at rest and in transit for all of our customers. We use tools like Amazon Web Service’s Key Management System (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices.

Infrastructure Security
IQware uses Amazon Web Services to host applications. We make full use of the security products embedded within the AWS ecosystem, including KMS, GuardDuty, and Inspector.


Responsible Disclosure Policy

Last Updated: August 23, 2024

Data security is a top priority for IQware, and IQware believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in IQware’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy

IQware provides this service to help ensure a safe and secure environment for all users. If external parties find any sensitive information, potential vulnerabilities, or weaknesses, please help by responsibly disclosing it to ResponsibleDisclosure@fullsteam.com. 

This policy applies to IQware hosted applications and to any other subdomains or services associated with products. IQware does not accept reports for vulnerabilities which solely affect marketing websites (www.iqwareinc.com), containing no sensitive data. 

Security researchers must not: 

  • engage in physical testing of facilities or resources, 
  • engage in social engineering, 
  • send unsolicited electronic mail to IQware users, including “phishing” messages, 
  • execute or attempt to execute “Denial of Service” or “Resource Exhaustion” attacks, 
  • introduce malicious software, 
  • execute automated scans or tools that could disrupt services, such as password guessing attacks, or be perceived as an attack by intrusion detection/prevention systems, 
  • test in a manner which could degrade the operation of IQware systems; or intentionally impair, disrupt, or disable IQware systems, 
  • test third-party applications, websites, or services that integrate with or link to or from IQware systems, 
  • delete, alter, share, retain, or destroy IQware data, or render IQware data inaccessible, or, 
  • use an exploit to exfiltrate data, establish command line access, establish a persistent presence on IQware systems, or “pivot” to other IQware systems. 

Security researchers may: 

  • View or store IQware nonpublic data only to the extent necessary to document the presence of a potential vulnerability. 

Security researchers must: 

  • cease testing and notify us immediately upon discovery of a vulnerability, 
  • cease testing and notify us immediately upon discovery of an exposure of nonpublic data, and, 
  • purge any stored IQware nonpublic data upon reporting a vulnerability. 

 

Thank you for helping to keep IQware and our users safe!