Security + Compliance

Application security, network security, compliance, and security policies.

Quolum Commitment

We take data integrity and security seriously. A SaaS Management product is vital infrastructure through which data flows about consumption, payments, and the tools used in your organization. We have designed our application so that security is a first-class citizen, and all of us understand this. One example of this thinking is a password-less architecture for customer onboarding. We handle data safely and securely, and no data is shared without consent. In our architecture, we have made choices: an attribute not required for processing is never stored in our database.

We assure you that the data of your organization will always be secure. We use Cloud and SaaS systems that are third-party tested and have received some of the highest certifications.

We undergo regular penetration tests, compliance checks, and certifications. These certifications ensure that we keep our commitment to privacy and information security.



The SOC 2 Trust Services Criteria attestation ensures that Quolum protects your organization's interests and securely manages your data.

Quolum's SOC 2 Type 1 internal report is intended to meet the needs of organizations that require detailed information and assurance about the controls relevant to the security, availability, and integrity of the systems and infrastructure that process your data, and to the confidentiality and privacy of your information.

This report is to assure you that our business operations, such as card issuance, just-in-time authorization, expense management, and spend management, protect the interests of your organization and the privacy of the users. The report is helpful when your organization needs to showcase that your vendors are compliant.

Privacy Shield

OWASP Top 10



Information Security

SSH keys are required to gain console access to our servers, and each login is identified by user. All critical operations are logged to a central log server, and our servers can be accessed only from restricted and secure IPs.

Hosts are segmented, and access is restricted based on functionality. That is, application requests are allowed only from AWS ELB, and database servers can be accessed only from application servers.

Application Security
