Built for IT and security teams that need asset truth without compromising tenant boundaries or compliance posture.
TLS for agent and API traffic. Production databases and secrets use industry-standard encryption and key management practices.
Multi-tenant RBAC plus Postgres row-level security policies so one customer’s assets, tickets, and agents stay scoped to their tenant.
MFA (TOTP), SSO options (SAML/OIDC), session controls, and least-privilege roles for admins, technicians, and portal users.
Activity trails for sensitive actions, alerting pipelines, and operational logging designed for investigation and compliance evidence.
Run as managed SaaS or self-host with Docker and PostgreSQL on your infrastructure when data residency requires it.
QS Assets operates under SOC 2 security controls covering access, change management, and availability practices across the platform.
Infrastructure partners that may process customer data for the managed SaaS offering. Self-hosted deployments keep data on your stack.
Responsible disclosure: email security@qsasset.com or see security.txt.