The operating system for introducer-led growth

RQ helps professional firms send, manage, and prove referrals — with built-in compliance, clear tracking, and real visibility across the firm.

Security — Frequently Asked Questions

Who operates RQ?

RQ is operated by RQ Ratings Ltd, a UK-based company headquartered in London. The company was founded in 2021 with a mission to bring structure, compliance, and visibility to referral activity in professional services. RQ was developed in collaboration with ICAEW (Institute of Chartered Accountants in England and Wales) to address the unique compliance and regulatory requirements that professional firms face when making and receiving referrals. The platform is built on enterprise-grade infrastructure with ISO 27001 certification, ensuring that your data is protected to the highest international security standards.

Is RQ ISO 27001 certified?

Yes. RQ has achieved ISO 27001 certification, the internationally recognised standard for information security management.

**What ISO 27001 means:** ISO 27001 is the leading international standard for information security management systems (ISMS). Certification demonstrates that an organisation has:

- A systematic approach to managing sensitive information
- Appropriate security controls in place
- Regular security audits and assessments
- Continuous improvement of security practices

**Our certification covers:**

- All systems and infrastructure used to deliver RQ
- Data processing and storage
- Access controls and authentication
- Incident management and response
- Business continuity and disaster recovery
- Staff security awareness and training

**Why this matters for you:** Working with an ISO 27001 certified provider gives you assurance that:

- Your data is protected by industry-leading security practices
- Security is taken seriously at every level of the organisation
- Independent auditors have verified our security controls
- We continuously monitor and improve our security posture

Our ISO 27001 certification is audited annually by independent assessors to ensure ongoing compliance.

Is RQ GDPR compliant?

Yes. RQ is fully compliant with UK GDPR (General Data Protection Regulation) requirements.

**Data protection measures:**

- **Lawful basis** – Clear lawful bases for all data processing activities
- **Data minimisation** – We only collect and process data necessary for the service
- **Security** – ISO 27001 certified information security management
- **Data subject rights** – Full support for access, rectification, and deletion requests
- **Data processing agreements** – Appropriate contracts with all customers
- **Sub-processor management** – Careful oversight of any third-party data processors
- **Privacy by design** – Data protection built into product development

**Your responsibilities:** As an RQ customer, you remain the data controller for your client information. RQ processes this data on your behalf as a data processor. We provide:

- Data processing agreements as standard
- Documentation to support your own compliance obligations
- Tools to help you respond to data subject requests

**Data location:** RQ data is processed and stored within the UK/EU in secure, certified data centres.

What security standards does RQ meet?

RQ is ISO 27001 certified, demonstrating a formal information security management system that meets international standards.

What is ISO 27001?

ISO 27001 is the internationally recognised standard for information security management systems (ISMS). It provides a framework for managing and protecting sensitive information through risk assessment, security controls, and continuous improvement. RQ's ISO 27001 certification can be verified at https://www.tempoaudits.com/rqratings-iso27001

Is RQ secure?

Yes. Security and data protection are core to RQ. We follow best practices to keep your data safe.

What does ISO 27001 certification mean for my data?

ISO 27001 certification means RQ has implemented comprehensive security controls covering data protection, access management, encryption, incident response, and business continuity. These controls are independently audited annually. View our certification at https://www.tempoaudits.com/rqratings-iso27001

Where is data stored?

Data is stored in secure, UK-appropriate infrastructure that meets the requirements of regulated professional firms.

How often is RQ audited for ISO 27001?

RQ undergoes annual surveillance audits to verify ongoing compliance, with a full recertification audit every three years. This ensures our security practices remain current and effective. Our certification is publicly available at https://www.tempoaudits.com/rqratings-iso27001

Is data shared without permission?

No. Data sharing is strictly controlled by workflow rules and consent. Nothing is shared without proper permission.