Knowledge Technology Solutions, Inc., d.b.a. Quester®, an Iowa corporation (“Knowledge Technology Solutions,”, “Quester”, “we,” or “us”) is committed to protecting our clients’ and partners’ data with the highest standards and integrity.  For a complete detailed white paper of our security systems, download our white paper and view our privacy policy.

Comprehensive Information Security Program
Quester values our clients and partners.  We take the obligation of protecting the confidentiality, integrity, and availability of the data entrusted to us seriously.  We understand and agree that protection of your confidential data is your most important concern when partnering with us.  To fulfill our commitment to protecting your confidential data, Quester has implemented and maintains a comprehensive Information Security Program that utilizes the framework NIST SP 800-53.

General Data Protection Regulation (GDPR)
Quester is committed to our clients’ and partners’ privacy and has made this a top priority company-wide.  This commitment is not limited to the US marketplace and is the reason Quester has prepared accordingly for the General Data Protection Regulation (GDPR).

Vendor Management Program
Quester has a Vendor Management Program to identify risks associated with 3rd party vendor services. This vendor management program consists of a review of any independent audits or penetration testing the 3rd party has undergone.  Should the audit criteria be considered inadequate or the results of the testing present control gaps, the 3rd party vendor will be provided a security risk assessment questionnaire to complete.  The answers will then be reviewed by the Quester security team to determine if additional vetting is required before accepting the vendor.  All vendors at a minimum are SOC 2 certified.

Respondent Confidentiality and Participation
Quester understands the importance of consumers and respondents when performing market research.  We respect respondents’ privacy and hold their data to the same high standards as our clients and partners.  Respondent data is anonymous whenever possible and is not reported individually, but in the aggregate.  Respondent participation is completely voluntary, and consent is always required to collect your data.  Quester is a member of the Insights Association and upholds their Best Practices when it comes to market research.

Responsible Disclosure Policy
Quester encourages the responsible disclosure of any security vulnerabilities or weaknesses discovered in our systems. If you identify a potential vulnerability, please follow these guidelines:

  1. Report the Vulnerability: Send an email to security@quester.com with a detailed description of the vulnerability, including steps to reproduce it and its potential impact.
  2. Confidentiality: Do not publicly disclose or share any information about the vulnerability until we have addressed and resolved it.
  3. Non-Destructive Testing: Do not attempt to exploit or damage our systems beyond what is necessary to validate the vulnerability.
  4. Respect User Privacy: Do not access, disclose, or modify user data without explicit permission during your testing.
  5. Legal Protection: We commit to not taking any legal action against researchers who act in good faith and comply with this policy.

Once we receive your report, we will acknowledge it and work to resolve the issue. We appreciate your help in maintaining the security and integrity of our systems.

System Availability and Changes
Quester is committed to communicating system changes and outages to our clients and users. Depending on the scope the change will be communicated via email or reported on this page. As of 7:51 PM, Saturday, September 23, 2023 (CST) all systems are operational.

For additional information, please see our detailed white paper or contact us at security@quester.com.

Last reviewed and modified on July 11, 2023