Complementary User-Entity Controls

Quantum Workplace services are designed with the assumption that certain controls would be implemented by user organizations. In certain situations, the application of specific controls at the user organization is necessary to achieve control objectives included here. Quantum Workplace management makes control recommendations to user organizations and provides the means to implement these controls in many instances. Quantum Workplace also provides best practice guidance to customers regarding control elements outside the sphere of Quantum Workplace responsibility.

This section describes additional controls that should be in operation at user organizations to complement Quantum Workplace's controls. Customer Consideration recommendations include:

  • User organizations should implement sound and consistent internal controls regarding general IT system access and system usage appropriateness for all internal user organization components associated with Quantum Workplace.
  • User organizations should practice archival of user accounts for any users who have been terminated and were previously involved in any material functions or activities associated with Quantum Workplace services. 
  • Transactions for user organizations relating to Quantum Workplace services should be appropriately authorized, and transactions should be secure, timely, and complete. 
  • For user organizations sending data to Quantum Workplace, data should be protected by appropriate methods to ensure confidentiality, privacy, integrity, availability, and non-repudiation. 
  • User organizations should implement controls requiring additional approval procedures for critical transactions relating to Quantum Workplace services. 
  • User organizations should report to Entity in a timely manner any material changes to their overall control environment that may adversely affect services being performed by Quantum Workplace. 
  • User organizations are responsible for notifying Quantum Workplace in a timely manner of any changes to personnel directly involved with services performed by Quantum Workplace. These personnel may be involved in financial, technical or ancillary administrative functions directly associated with services provided by Quantum Workplace. 
  • User organizations are responsible for adhering to the terms and conditions stated within their contracts with Quantum Workplace. 
  • User organizations are responsible for developing and, if necessary, implementing a business continuity and disaster recovery plan (BCDRP) that will aid in the continuation of services provided by Quantum Workplace.

The list of user organization control considerations presented above and those presented with certain specified control objectives do not represent a comprehensive set of all the controls that should be employed by user organizations. Other controls may be required at user organizations. Therefore, each customer's system of internal controls must be evaluated in conjunction with the internal control structure described here.