Ensuring the security and privacy of your and your clients’ data is paramount to us. We employ the following stringent measures to protect your data and privacy:
- All servers are secured according to industry standards.
- AccountantsWorld utilizes Amazon.com’s secure data centers. Amazon Web Servers have been SSAE 16 audited and have also received ISO 27001 certification for information security.
- All sensitive data is encrypted in transit using SSL “green-bar” digital certificates.
- All data is backed up on a regular basis and is redundantly stored.
- We will not share your or your clients’ data with any external party.
As a result of these stringent security measures, your and your clients’ documents and data files are safer with AccountantsWorld than if they were stored on your own or your clients’ in-house networks and computers.
Secure servers
Our servers run the latest secure operating systems. All servers are configured according to industry best practices. All critical vendor-issued security updates are applied as soon as possible following their release. All access to resources is granted following the “principle of least privilege”; access is only granted to required resources. All systems are monitored 7x24x365.
Encryption
All our web servers are secured using Secure Sockets Layer (SSL). Servers are assigned a Secure Certificate ID that identifies the website and enables us to use SSL for secured data transfer.
To protect your and your clients’ critical financial information while it is transmitted over the Internet, all critical information such as credit card information, password, and personal data are encrypted using 128-bit SSL “green-bar” digital certificates from GoDaddy. For further protection, sensitive information remains encrypted while stored on our servers.
Physical security of server location
AccountantsWorld utilizes Amazon.com data centers, which are housed in multiple nondescript facilities located in Virginia. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All physical access to the data center is logged and audited routinely.
Authentication
All end users and internal staff are required to have unique user names and passwords. All passwords must be at least seven characters and include alpha-numeric characters. Users are not permitted to share user names and passwords. All logins are recorded and audited.
Backups
Data stored on our systems is redundantly stored in multiple physical locations as part of normal operations. Additionally, database data is mirrored in real time to a redundant system in a separate physical location. What this means is that a single system failure will not result in a loss of any data.
Protection against viruses
All servers and workstations are protected against virus attacks by utilizing leading anti-virus software. Anti-virus definitions are automatically and continually updated.