Cloud-based data security that meets tough European standards
We found out that even great companies with solid procedures and processes in place still skip security measures when it comes to recovery of VAT. Are you doing what it takes to ensure true data privacy and security when you handle your company VAT recovery process?
Your organisation demands enhanced data security – that means advanced measures and solutions that go beyond just the basics. You require assurance that all data security measures comply in full with the strict regulations of your country. Consider these 7 facts to determine whether your provider measures up.
- SOC2 Compliance: VATBox utilises comprehensive systems and procedures to protect data and systems of all sizes and complexities. SOC2 certified by Ernst & Young, VATBox ensures continuous security, availability, process integrity and confidentiality. All third parties with access to target data must undergo an annual formal audit where VATBox monitors security standards compliance and addresses any concerns. This extensive VAT compliance covers all applicable business areas relevant to the customer ‒ security, availability, process integrity, confidentiality and privacy.
- Physical Security: VATBox utilises Amazon Web Services (AWS), where data can be logically separated in the database on a per-customer basis. Physical storage and processing location of the data can be divided per data jurisdiction domain. For example, EU customer data is stored in the European Amazon Availability Zone in locations in Ireland, while data from US entities is stored and processed in US Amazon locations.
- Network Security: All external network connections are configured with a “deny all” rule. There is absolutely no allowance for telnet, FTP or other unsecured protocols and all access is completely secured through the use of HTTPS and SFTP protocols. VATBox continuously monitors all external network connections using IPS/IDS which immediately generate alerts when a security event is detected.
- Encryption: Customer data does not reside on an internal network; the data is stored exclusively in the cloud. All sensitive data is encrypted by Amazon in transit and at rest, and VATBox does not utilise physical electronic media for customer data transfers.
- User Management and Authentication: VATBox has a formally documented Access Control process that includes role-based access policies, unique IDs for individuals, restricted use of generic IDs, and strict prohibition of ID sharing. In addition to a variety of other measures, Multifactor Authentication Client (MFAC) is used to provide secure access to administrators and other highly privileged accounts. Developers do not have access to production environments or any environment that contains target data.
- Data Breach Notification: In the event of a breach of data security or privacy controls, VATBox will promptly notify the organisation’s entire customer base of any security breach which poses any potential risk to the customers’ private information. VATBox will fully cooperate with and assist the organisation to remedy any such security breach. To date, no such security event has ever occurred.
- Multi-Tenancy: VATBox’s software architecture runs on the cloud, and is designed to serve multiple tenants (i.e., organisations). VATBox provides adequate isolation of security, robustness and performance between multiple tenants by structuring the product layers appropriately. Every tenant maintains complete control over their dedicated data, configuration, user management and individual functionality.