NIST Compliance at QuestionWell

At QuestionWell, we prioritize the security and privacy of our users’ data by adhering to the rigorous standards set forth by the National Institute of Standards and Technology (NIST). Our commitment to NIST compliance ensures that we implement industry-leading practices to protect your information, maintain data integrity, and manage cybersecurity risks effectively.

Our Approach to NIST Compliance

1. Risk Assessment and Management: We begin by conducting thorough risk assessments to identify potential threats to our systems and data. By understanding the risks we face, we can implement the most appropriate security controls to mitigate those threats. Our risk management strategy is continuously updated to address emerging risks and evolving technologies.

2. Implementation of Robust Security Controls: QuestionWell has adopted a comprehensive set of security controls based on the NIST 800-53 guidelines. These controls cover all aspects of our operations, from access control and encryption to incident response and system integrity. By integrating these controls into our processes, we ensure that our platform remains secure and resilient against cyber threats.

3. Continuous Monitoring and Improvement: Security is not a one-time effort; it requires ongoing vigilance. We employ continuous monitoring of our systems to detect and respond to any potential vulnerabilities or breaches swiftly. Regular audits, vulnerability assessments, and penetration tests are conducted to ensure that our security measures are effective and up to date.

4. Policy Development and Documentation: We have developed comprehensive security policies and procedures in line with NIST guidelines. These documents guide our team in maintaining high security standards and ensure that all practices are consistently applied across our organization. We also keep detailed records of our compliance activities to demonstrate our adherence to NIST standards.

5. Incident Response Planning: In the event of a security incident, QuestionWell is prepared with a well-defined incident response plan. This plan, developed according to NIST recommendations, ensures that we can quickly contain and mitigate any impact on our users and systems. We regularly review and test our incident response plan to ensure its effectiveness.

6. Employee Training and Awareness: We believe that cybersecurity is a collective responsibility. That’s why we invest in ongoing training for our team members to ensure they are aware of the latest security best practices and their role in maintaining NIST compliance. This culture of security awareness is fundamental to our success in protecting your data.

7. Privacy Protection: In addition to securing our systems, we also focus on protecting your privacy. Our data privacy controls are designed to meet the stringent requirements of NIST 800-53, ensuring that your personal and sensitive information is handled with the utmost care.

8. Continuous Compliance: NIST standards evolve over time, and so do we. We stay informed of updates to NIST guidelines and continuously refine our practices to maintain compliance. This commitment ensures that our platform remains secure and that our users’ data is always protected according to the highest standards.

Why NIST Compliance Matters

By adhering to NIST standards, QuestionWell demonstrates our commitment to providing a secure, reliable platform for educators. Our focus on NIST compliance not only protects your data but also fosters trust in our ability to deliver safe and effective educational tools. When you choose QuestionWell, you can be confident that your information is safeguarded by some of the most rigorous security standards available.

Explore QuestionWell with the peace of mind that comes from knowing your data is protected with industry-leading security practices.

Our Transparency Report

Introduction:

At QuestionWell AI, we are committed to upholding the principles of transparency, user privacy, and maintaining a safe and secure online environment for our users. As part of our ongoing commitment to transparency, we are pleased to present our Transparency Report for the reporting period June 24, 2023 to November 24, 2023. This report provides an overview of legal information requests received and content enforcement measures undertaken by our company.

Legal Information Requests:

During the reporting period, we are pleased to inform our users and stakeholders that QuestionWell AI has received no legal requests from law enforcement agencies, government entities, or any other third parties. We have not been asked to disclose any users' private data, ensuring the privacy and confidentiality of our users' information remains intact.

Content and Platform Enforcement Measures:

At QuestionWell AI, we strive to maintain a safe and respectful online platform for our users. In this regard, we enforce our policies and guidelines as well as comply with intellectual property laws, local regulations, and content takedown requirements. The following sections outline our approach in more detail:

1. Terms of Service:

We have established and consistently enforce terms of service to ensure that our users have a positive and secure experience on our platform. Using Microsoft’s moderation API, we monitor and prevent any  hate speech, harassment, illegal activities, and other prohibited behaviors. 

2. Intellectual Property Laws:

As a responsible company, we respect intellectual property rights and comply with copyright, trademark, and counterfeit laws. We promptly respond to any valid notices of infringement received from copyright holders and take necessary actions, such as content removal or account suspension, as required by law. We are pleased to report that we have had to respond to no such notices.

Conclusion:

QuestionWell AI remains committed to maintaining transparency and protecting the privacy of our users while ensuring a safe and respectful online environment. We have received no legal requests seeking disclosure of users' private data during the reporting period. Our content and platform enforcement measures are guided by our company guidelines, terms of service, intellectual property laws, and local regulations. We will continue to prioritize the security and privacy of our users while complying with applicable laws and regulations.

We believe that transparency is essential in building trust and fostering open communication with our users and stakeholders. We will continue to provide regular transparency reports to keep our community informed about our practices and commitments.

For any further inquiries or requests related to this Transparency Report, please contact our designated representative at maya@questionwell.ai.