Security Policy

HubProActive (HPA) is a Business Management System that provides a framework for businesses to carry out day to day activities in an efficient and structured way.

Version 2.0 This policy was last updated in February 2021. While we will never deviate from our commitment to maintain security of our service, we may update this policy from time to time.


QED Management Systems Limited ("QED", "we""us""our") owns the HubProActive (“HPA”) business management system Software as a Service (“SaaS”), suitable for all organisations but in particular SMEs who require a strong foundation on which to grow their business.

We are committed to ensuring HPA customers data is protected to the highest level.

Our full Security Policy is available to customers on request and explains in detail the security controls we have implemented to protect the HPA architecture and our customer data.

This Security Policy should be read with our Privacy Policy, which, together, apply to HubProActive SaaS.


HPA is hosted in UK data centres. Our Data Centres are ISO 27001:2013 certified, secure by design. For more information on the Security by Design, Disaster Recovery, Physical access, Monitoring and Logging, Surveillance and detection, GRC and Infrastructure Maintenance, please contact our HPA Information Security Officer at


Strong Encryption: Customer’s data entered in HPA is encrypted following best practice security protocols with SHA-2 and 2048 bit encryption.

SAN Chain Certificates: SSL SAN Chain Certificates with strong 2048-bit encryption are used for Production and Testing Domains.


Application Vulnerability Assessment and Infrastructure Vulnerability Assessment is managed through automated security assessments.

Distributed Denial of Service (DDoS): A managed Distributed Denial of Service (DDoS) protection service provides always-on detection and automatic inline mitigations that minimize application downtime and latency.

User Passwords and Multi-Factor Authentication: User passwords are protected by one-way cryptographic hashing function with salt (random data). Passwords are not stored in plaintext and it’s not possible to

reverse engineer the stored value equivalent. Customers can enable Two Factor Authentication for user access across the organisation or for privileged users to make their accounts even more secure.

After a user has made 5 unsuccessful attempts to log in with the incorrect login details they will be locked out for 10 minutes.

Software version and packages Patching Cycle: We run a continual patching cycle to ensure operating systems, applications are kept up to date. This mitigates any exposure to vulnerabilities.


QED does not sell, rent or share data with any third party unless previously agreed as part of any contractual arrangement (or legal or regulatory requirement). Please read our Privacy Policy for full details.

However, we do utilise some third parties that help provide our services. We ensure that the security measures in place at those third parties have, at the very least, the same high security standards that we employ ourselves.


Our staff are vetted prior to employment through our recruitment process. Checks include Proof of Identity, Proof of Right to Work, Proof of Residency and where required criminal history checks.

We also maintain a suite of internal information security policies, procedures, and guidelines, including incident response plans, which all staff, contractors and third parties must follow. These are reviewed at least annually.

In addition:

  • Only employees with the necessary rights and roles have pre-authorised access to our servers and underlying data. Access is unique, logged and uses strong password policies coupled with two-factor authentication, where appropriate.
  • Customer data is accessed by operational staff to provide necessary support and maintenance.

on an as-needed only basis, and only when approved by the customer (i.e. as part of a support or incident management).

  • Regular audits are performed and the process is reviewed by management to ensure only the right people have access to the necessary data and systems on an ongoing basis.
  • All employees must sign confidentiality agreements, attest to following QED policies and guidelines and complete our Information and Cyber Security Training program.
  • Our developers are versed in the OWASP Top Ten critical web application security risks.


Automated, manual backup and restore procedures are in place for the various system components of HPA as well as the OS and Software Version level selective patch management process. For an exhaustive list of resiliency (among other controls) please contact our HPA Information Security Officer at


“It’s been really easy to maintain our ISO audit schedule by carrying out remote audits using HPA. We also carried out our external surveillance audit remotely using HPA and the auditor was impressed with the level of information he was able to view remotely during the audit. HPA has enabled us to retain our ISO certification without any issues.”

"We’ve been able to carry on working as normal despite being in different locations. Having HPA has really helped keep the business running smoothly and kept staff up-to-date throughout the lockdown."

"Having HPA meant that it was easy to get people set up working from home quickly, knowing that they would have access to everything they needed to enable them to continue doing their jobs with no interruption to their daily activities."

"HPA has been invaluable during lockdown, it has enabled our staff to easily set up at home and access all the documentation they need to carry out their roles.  Using HPA has ensured that we remain compliant with staff using the latest versions of documents and maintain continuity whilst working remotely."

"We have been able to keep people informed of updates and information relating to changes required during the lockdown with updated and new documents added as we needed to, which the staff have been able to access easily, keeping them updated of progress."

"Having HPA meant it was a lot easier to get people set up working from home quickly, knowing that they could access all the right documents they would need was one less thing to have to consider when relocating people."

Try HubProActive for 30 days for free and see the benefits

Our software team can arrange an online demo to allow you to see the benefits of HubProActive.

Scroll to Top