Secure Online Accounting Services

We take data security seriously—and so should you.

Disaster Recovery And Business Continuity Assurance

At AccountingDepartment.com, we can assure you that your business' most crucial information is maintained in a secure virtual accounting environment. Our detailed process to maintain strict security is based on accounting best practices, which we implement throughout our accounting services.

To give you a better understanding of the virtual accounting best practices we put into place to maintain a secure environment for your data, we've mapped out our data back-up procedures, insurance coverage and the specs of the data center facility.


RIGHT NETWORKS / XCENTRIC Security Policies:

To review the original source: https://cloud.xcentric.com/xc/cms/policies/security

Right Networks Cloud security is designed to meet the strict security and privacy standards that the accounting industry must adhere to – for today and beyond. With the ever-changing security risks that are present when transacting business online, it’s understandable if you have concerns about keeping your data safe. Because your firm has chosen Right Networks products and services to serve your technology hosting needs, you can be assured that your software and data are in one of the most secure locations available—the Quality Technology Services SOC audited Data Center.

Comprised of facilities totaling more than 376,000 square feet, it is one of the most advanced and secure data centers in the world. Every precaution is taken to guarantee the safety of your data. Equipment and facilities are protected against fire, natural disasters, power failures, and other unexpected scenarios. Quality Technology Services currently operates 11 data centers across the United States.

Data Security
  • Data moving over the Internet is encrypted using technology that complies with the Federal Information Processing Standard 140-2, Security Requirements for Cryptographic Modules.
  • Load-balancing devices and the security infrastructure provide address anonymity with built-in safeguards to prevent “Denial of Service” (DoS) attacks and ID spoofing.
  • Systems access is logged and tracked for auditing purposes.
  • Documented change-management procedures.
Infrastructure
  • Redundant electric power feeds are used from separate utility substations.
  • Diesel generators with more than 25 megawatts of power supply backup for the entire complex.
  • Internet access is obtained from multiple providers using multiple secure entrances into the building and fiber access to primary carriers.
  • Datacenter footprint 376,000 sq. ft. total enclosed space with 168,000 square feet of 48” raised floors that accommodate cable management and uniform cooling distribution.
  • Advanced fire control systems enable the detection of heat and smoke. Current and approved fire suppression systems operate both above and below the raised flooring.
  • Multiple layers of dedicated firewall and VPN services to block unauthorized system access.
  • Very Early Smoke Detection Apparatus provides the earliest possible warning of a potential fire event by detecting smoke particles at the incipient (first) stage of fire.
Security
  • 24/7/365 internal security monitoring is maintained by onsite personnel via camera surveillance at all entry points.
  • Card-key and biometric entry systems admit only authorized personnel, and entry is continuously logged and monitored.
  • Multi-zoned, multi-level keycard access controls and monitors all access into the data center and internal areas.
  • Picture ID is required for entrance into all buildings.
Data Privacy
  • All data is treated as strictly confidential.
  • Access to your information is limited to those employees with a business requirement for accessing such information.
  • Secure media handling and destruction procedures for all customer data.
In addition, your customer information will never be discussed with third parties without your permission.
As technology continues to advance, you can be sure that the Right Networks data center has in place the most up-to-date safeguards possible to keep your personal and business financial information confidential and secure. We value your trust in our commitment to keep your data safe. You can be confident that the SOC Right Networks Data Center will deliver.

Complementary Client Entity Controls

Right Networks’ information technology control system was designed with the assumption that certain controls will be implemented by user entities. In certain situations, the application of specific controls at user entities is necessary to achieve certain control objectives. This section describes additional controls that should be in operation at user entities to complement the controls within Right Networks’ description of its information technology general control system. Each user entity must evaluate its own internal control structure to determine if the identified complementary user entity controls are relevant and/or have been placed in operation. This list of user entity controls should not be regarded as a comprehensive list of all controls which should be employed by user entities. There may be additional controls not identified in this report that would be appropriate for the processing of user transactions. Complementary user entity controls that should be considered by user entities and their independent auditors include those listed below:

  • Controls should be established to provide reasonable assurance that business process and application controls are designed and operating effectively to ensure that the user organization's transactions are complete, accurate, valid and access is appropriately restricted.
  • The user entity should read, acknowledge, and be familiar with all contracts and their respective terms and conditions, and the services offered to users.
  • The user entity should report material changes to their overall control environment that may adversely affect services being performed by Right Networks, in a timely manner. The entity must notify Right Networks immediately if a user with Right Networks Cloud administrative rights is leaving the firm.
  • The user entity should implement, monitor and maintain controls to protect the confidentiality, privacy, integrity, availability, and security of its data in alignment with the user entity’s risk tolerance.
  • The user entity should implement, monitor and maintain controls to protect the security and exercise of its users' Right Networks Cloud access accounts and passwords. The entity's users are required to answer security questions when requesting that a Right Networks consultant reset a password or provide access to a locked account.
  • The user entity should implement, monitor and maintain controls to protect the security and exercise of its Right Networks Cloud administrative access provided to the entity by Right Networks. Administrative access to entity Right Networks Cloud accounts must be explicitly requested by an entity principal for those users requiring such access.
  • The user entity is responsible for appropriate Internet connectivity for accessing the Right Networks Cloud network resources. Handling connectivity service problems or insufficient bandwidth is the responsibility of the entity.
Unacceptable Use

The following activities constitute unacceptable use of the Right Networks Cloud network and are prohibited.

  • Attempting to tamper with or evade the access control in order to gain greater access than assigned.
  • Attempting to hack, capture, or otherwise obtain passwords, encryption keys, or any other access control mechanism that could permit unauthorized access to any Right Networks Cloud Resource.
  • Intentionally damaging or degrading the performance of any Right Networks Cloud Resource, depriving authorized Right Networks personnel of access to a Right Networks Cloud resource, obtaining extra resources beyond those allocated or circumventing Right Networks security measures.
  • Attempting to compromise, bypass, or test any Right Networks Cloud security mechanism.
  • Scanning the Right Networks Cloud network for vulnerabilities.

Right Networks / XCENTRIC Back Up Policy:

Cloud Data Backup Policy

The following backup policies are implemented by Right Networks to protect client data including file share (network drives), and SQL server (databases) data.

Right Networks performs backups of File Share data (S, T, O, U, Q drives) on the following basis:

  • Hourly backups: Retained for 24 hours
  • Daily backups: Retained for 14 days (start at 12:10am)
  • Weekly backups: Retained for 4 weeks (start Sundays at 12:15am)
  • Monthly backups: Retained for 12 months (start on 1st day of the month at 12:12am)
  • Annual backups: Retained for 3 years (start on May 1 at 12:15am)

The File Share hourly and daily backups are incremental, including changes since the last backup.

Right Networks performs backups of SQL server data (database) on the following basis:

  • Daily backups: Retained for 10 days (nightly)
  • Weekly backups: Retained for 4 weeks (start on the weekend)
  • Monthly backups: Retained for 12 months (start on 1st day of the month)
  • Annual backups: Retained for 3 years (start on May 1)

The SQL weekly, monthly, and annual backups are full, snapshot backups which do not include changes that occurred between backups.

Requests to restore data from backup may take up to 5 business days to complete.

Permalink for this article: https://cloud.xcentric.com/xc/user/learn/kb?documentId=bkp1vau19ltgos4tvb90

Insurance:

At AccountingDepartment.com, we want to assure you that your business' most crucial information is maintained in a secure virtual accounting environment. Our detailed process to maintain strict security is based on accounting best practices, which we implement throughout our accounting services.