How We Guarantee Security

We enable data security through internal procedures and follow global security standards.

Physical Security

Access Restriction

Only users with an ID card (guest, IT staff, administration etc.) have access to our offices. This measure along with video surveillance cameras allows tracking and managing access to the critical physical facilities (servers, workstations).

Security Zoning

Our offices are divided into different access zones. Certain resources (file servers, for example) are restricted to a limited group of users, with permission-based access control implemented.

Hardware Security

Hardware Duplication

All sensitive infrastructure hardware is duplicated and located in two separate protected server rooms with restricted access.

Security Links

To ensure our hardware security, we have established three duplicated internet links and two data links between offices.

Backup and Replication

Data backup and data replication are in place so that no bit of data is lost in case the system is under attack.

Software Security

Domain-level controlled antivirus

Software restriction policy

Network attack blocker on all workstations

IPS (intrusion prevention system) on gateways

Antispam and more

Sensitive Data Protection

Least user access policy

Regular infrastructure monitoring

Installation of anti-malware software

Password management

IP security training

(protection against phishing attacks, social engineering, etc.)

Email authentication, etc.


Autonomous Infrastructure

The infrastructure works autonomously in case of emergency. It is compliant with the security and fault-tolerance requirements from enterprise clients and large financial groups (Societe Generale, Raiffeisenbank, BNP Paribas).

Troubleproof Internet Connection

There are 2 independent broadband channels in each office. The channel redundancy is important to ensure that office operation remains unaffected by local Internet accidents.

Power Outage Protection

As an electricity backup, the offices and server rooms have a transfer switch. In case of an accident, it switches to the backup generator. Besides that, each computer is also secured by an Uninterruptable Power System (UPS).


Andrey Kisel

Chief Information
Security Officer

“At Qulix, we give the highest priority to information security and follow enterprise-wide processes to build secure development, testing, and deployment environments. We have adopted the ISO 27001-based Information Security Management System to ensure that a secure business environment is established for both our internal as well as the client’s data.”

See our Information Security Policy for more details.

IP Rights Protection

IP protection is secured at 2 levels — administrative & legal restrictions and infrastructure restrictions. It means that:

We always sign an IPR transfer agreement with our employees stating that all artifacts (etc.) produced during the project due course belong to the company.

In addition to that, there is quite an efficient schema of permissions and access control, so only authorized team members can access certain information.

All employees sign individual non-disclosure agreements (NDAs). Additionally, we always have NDA clauses in our contracts or separate NDAs.

All intellectual property rights are transferred to the client, which is explicitly specified in our legal agreements. The transfer is properly documented to avoid any legal pitfalls for the client.

Compliance with Global Standards

This enables us to thoroughly protect our financial information, intellectual property, employee details, or information entrusted by third parties.

We follow the best recommendations of OWASP in terms of security tools and resources, networking as well as on-site staff training.