QSC ​Security Approach

For over fifty years QSC has pushed boundaries as a global leader- first with audio, followed by sophisticated digital video and control solutions. The development of Q-SYS as a software-based platform has enabled us to forge ahead in providing secure networked solutions within an evolving market. The Q-SYS Platform is structured with a security forward mindset, and our development team continues to drive innovation to that end. This manifests in a three-part security approach – assess, protect and deliver:

Assess

Inspect

To stay at the forefront of network security means continual evaluation, which is why we focus our efforts on audits, inspections and testing. Our security audit baseline is the OWASP ASVS 4.0, with its goal being to revise the security of the application and the systems that support it, focusing on the identification of those vulnerabilities that could be exploited by an attacker.

Sign

QSC cryptographically signs the code of all new Q-SYS firmware releases to ensure system integrity. All firmware updates will be inspected for a digital signature and by default, will only install firmware signed by QSC. This protects against illegitimate and potentially unsafe firmware.

Test

Extensive testing is performed throughout every stage of the software development process. This includes white-box testing (inside to outside) which identify potential vulnerabilities in the source code and libraries, as well as black-box testing (outside to inside) to better simulate how an attacker might attempt to compromise the platform.

Protect

Authenticate

Q-SYS allows administrators to customize permissions to each individual security environment via role based access controls. In addition, 802.1X can be enabled on Q-SYS Cores and peripherals for network infrastructure access protection.

Encrypt

QSC implements encryption on data transport and storage across key areas of the Q-SYS Platform, using recognized IT security best practices.

Deliver

Update

Q-SYS firmware updates deliver security patches, security features, and feature updates. The Q-SYS software-based system allows our customers to continually receive the latest and most up-to-date security developments with the push of a button.

Train and Support

Our award winning Q-SYS Training curriculum provides our customers with the knowledge to optimally leverage the Q-SYS Ecosystem both functionally and securely. And finally, our customer support is here to address any issues in developing a structure appropriate to your security environment.

Explore our security documentation for a deeper look

Understand how Q-SYS is operating on your network, and ensure that your system is configured in accordance with recognized IT Security best practices from QSC.
 

Read Full Documentation

Don’t have all day? Go straight to the sections that pertain to your role.

Compliance Managers

Topics Include:

  • SOC 2
  • OWASP
  • Pen Testing

 

Learn More

IT Security Experts

Topics Include:

  • Data Security
  • Data Flow and Storage
  • Data Types

 

Learn More

AV System Integrators

Topics Include:

  • Security Tools
  • Configuration Best Practices

     

 

Learn More

Reach Out to QSC

QSC is committed to providing our customers with the resources they need to build in-line with best practices. This methodology has earned the loyalty and trust of thousands of customers, and in return we will continue to provide excellence in quality, innovation and security. If you’ve discovered a potential security issue, please click below to report your findings.

 

Report Issue