Last updated: 29.5.2026.
Security is fundamental to how Incisive QA (“Incisive QA,” “we,” “us,” or “our”) delivers QA and testing services. This page describes the measures and practices we use to protect client systems and data. It works alongside our Data Protection and Privacy Policy pages.
1. Our Security Approach
We treat the systems and data our clients entrust to us with the same care we apply to our own. Our security practices are built around least-privilege access, confidentiality, and reducing unnecessary exposure to sensitive data during testing.
2. Access Management
Access to client systems and data is limited to the engineers assigned to each engagement, on a need-to-know basis. We use individual named accounts, role-based permissions, and strong authentication. Access is granted when an engagement begins and revoked promptly when it ends or when a team member’s role changes.
3. Data Security
We use encrypted connections for accessing client environments where applicable, and we favor synthetic, anonymized, or pseudonymized data over real production data in testing. We avoid storing client data outside agreed environments and follow each client’s instructions on where data may be held and processed.
4. Device and Endpoint Security
Engineers work on secured devices with up-to-date operating systems, endpoint protection, and disk encryption where applicable. We maintain internal practices to keep software patched and to reduce the risk of compromise.
5. People and Training
All personnel are bound by confidentiality obligations and follow our internal security practices. We brief engineers on secure handling of client data and on their responsibilities under each engagement.
6. Vendor and Tool Management
Where we rely on third-party tools or providers that may touch client data, we select them with care, apply appropriate data protection terms, and limit what data they can access. We remain responsible for how these providers handle client data on our behalf.
7. Incident Response
We maintain procedures to detect, contain, and respond to security incidents. If an incident affects a client’s systems or data, we notify the affected client without undue delay and work with them to limit impact and meet any reporting obligations.
8. Business Continuity
We take reasonable steps to maintain continuity of our services and to recover from disruptions, so that client engagements can continue with minimal impact.
9. Compliance Frameworks
We align our practices with the principles of recognized security and privacy frameworks, including the EU GDPR, UK GDPR, and applicable US privacy laws.
10. Client Audits and Assurance
We support our clients’ due diligence and audit needs by responding to reasonable security questionnaires and information requests, and by agreeing audit rights within the applicable service contract or Data Processing Agreement.
11. Reporting a Security Concern
If you believe you have found a security issue affecting Incisive QA or our services, please contact us so we can investigate promptly. Contact details are below.
12. Contact Us
For security or compliance questions, or to request our security documentation, contact us via our contact form.