Security
Your financial data is very important to you and protecting it has been central to our business success for nearly 10 years.
Software versus Online Accounting
| Accounting Software | Online Accounting |
|---|---|
| Employees can copy an accounting software file from your site without a trace. | Saasu tracks employee access and logs activity to help you monitor employees. |
| A stolen computer with an accounting software file on it potentially creates a large privacy, security and recovery issue. | Saasu doesn’t store your data on your C: drive, so all you need to do is sign into another computer and you are up and running. |
| A computer is vulnerable to viruses, botnets, trojans and other malicious attacks that read, take or corrupt data on your computer. | When you access Saasu you are using a web browser which reads data on our servers. |
| People often store credit card numbers in accounting software files which is a major security issue if you are not PCI compliant. | Saasu can process card payments with a gateway without storing the card number on your computer. |
Application Access
We use SSL (Secure Sockets Layer), just like online banking services, to encrypt the information passing between the browser and the server to stop any potential hackers from accessing your data in transit. Access is username/password protected. Password resets can only be processed after an identification check or via a reset email delivered to the user's email address. Once logged into the system, the user can only access information that they have permission to view. The role-based access system allows the file administrator complete control of access to your information.
Only a few admin level staff have the ability to access or reset your file access at any time. Compare this to the thousands of personnel in banks who have access to your bank account information. We employ various checks and techniques to reduce the risks from URL manipulation, session management and other security issues. Files can also be locked on request. When you compare this to laptop theft or typical desktop software viruses, we believe we are substantially safer than most on-premise software implementations.
Server Security
Firewalls are managed by security specialists and deployed in a private IP space, while servers and routers are segregated in a Virtual Local Area Network (VLAN). Network security features also include multi-level privileges, OS lock downs, centralised authentication and device change logs.
Security Patching is performed by constantly updating our security systems. This ensures optimum protection for our subscribers. Monitoring and addressing emerging threats, and quickly processing and applying new security patches is standard procedure.
The server manager is constantly engaged in threat analysis. They work on identifying and addressing security weaknesses in Web-oriented servers, applications and activities.
A security testing laboratory ensures all high level security devices are subjected to full security testing before they are deployed, including the installation and configuration of the Operating System, the disabling of vulnerable or unneeded services, and advanced vulnerability tests.
Amazon Web Services Security Whitepaper
Server Security Personnel
Security specialists have earned Certified Information Systems Security Professional certifications (ISO/IEC 17024) and we have working relationships with other security response teams.
To ensure a fast response to a security event, qualified personnel are available 24x7x365.
File Security
Employee fraud comes in many forms and is difficult for any business to contain because many procedural factors are involved. Software and Web Access are just one aspect. Security has to be looked at holistically.
In theory employees can access trial or free versions of most accounting products to produce fake documentation. They can also digitally modify existing documents like payslips or invoices. Online accounting applications have the benefit of real-time traceability of user activity while software may not.
Saasu can help generate some extra comfort through tracking user activity and making this information available to the Subscriber on request. For security reasons we don’t disclose publicly what is available. Please contact us for more information.
Saasu Roles allow you to control access levels of your users. The default settings for your initial subscription allow for full access to all areas. However you are in control of the access levels of each user and accordingly the access to areas such as Settings which include features like invoice/email templates and the locking of transactions around date ranges.
Security features include:
- User roles which disallow access to defined areas in Saasu. The Subscriber/Admin level has control of user roles. Go to MySaasu > Manage Subscription > click on each employee to control their Role (access level). You can create your own custom Roles in this area.
- Lockable transaction settings down to same day. Go to Settings > Transactions.
- Tracking of Users who created, modified and deleted a transaction.*
- User Sign-in Audit Trail report including IP address tracking. Go to Reports > Security > User Signin Audit Trail report
- Last modified information at the bottom of Sales and Purchase transactions amongst others.
- Email activity log files.*
* On application. Fees may apply.
Backups
Your financial data is important and needs to be backed up (copied in case of technology problems) and securely stored to ensure it is always available to you. Saasu has 7 backup processes across 4 locations and offers you 2 more optional steps you can take – just for you to use if you wish to use them.
- Mass Data Storage (Site A)
  Saasu uses a high end relational database server to store your transactions and related data. Every time the database does an update it also writes the data to a separate log for roll forward recovery if required.
- Intraday Backup (Site A)
  Every 15 minutes we take an incremental log snapshot of the activity during that period.
- Daily Same Site Full Database Backup (Site A)
  An automatic backup process of all data using network area storage. To reduce the risk of data loss and to ensure storage capacity remains adequate we do this in a scalable cloud based server environment. These storage systems accommodate multiple hard disks and are fault tolerant. In the event of a single hard disk failure, the system will keep working with no data loss.
- Daily Off Site Backup To (Site B)
  Transaction Logs from the last 24 hours.
- Weekly Off Site Full Backup To (Site B)
  Full backup of databases.
- Weekly Off Site Full Backup To (Site C)
  Saasu also backs up data at least each week at a completely different site. This is done to further protect your data in the extremely unlikely event that all our other servers and backups are lost due to disaster. We also use different processes for this backup to those used for Site A and B, so additional protection through technology and process diversity is provided.
- Monthly Off Site Diverse Backup (Site D)
  As per above, however the backup is stored in a fourth location at least monthly (typically weekly).
- Regular/Irregular Self Backup Manually via CSV/PDF Download (Site E+)
  Want more? You can keep your own backups too. You are able to save your selected files for General Ledger, Client list, Employee List, Supplier List and some other information to a CSV (comma separated values, also known as spreadsheet) file. This file, in conjunction with paper (or electronic PDF) copies of your invoices issued, provides you with a complete record of your core transaction data on your own premises, and you can even send copies to another person or site if you wish.
- Regular Self Backup Automatically Via Web Services (Site E+)
  Still need more? Technically capable people can also program a custom extraction routine using our connectors, if they wish, and save the information in any form that suits you, including across multiple premises, but that is entirely up to you. You just need to register as a Technical Partner with us first.
Uptime
Saasu Uptime Reports by Pingdom. Pingdom is an independent 3rd party reporting service that checks our online accounting servers constantly for availability and speed.
Continuity of Service
A good question to ask any of your critical service providers is "What happens if you go out of business?"
With Saasu you:
- can export your data from the View > Import or Export area. Do this at a frequency that suits your comfort/compliance needs.
- are buying a product and service from a profitable company, not a startup. Saasu is still roughly doubling revenues each year.
If we went into administration we believe the administrators would:
- Sell the customer base (which is now substantial) and also the intellectual property to a competitor or new owner.
- Keep the servers running. The provision of the web application is quite low cost relative to this so it would be sensible to leave the application running pending sale of intellectual property and customers.
- Put the code into the public domain so customers could host or run the application themselves if none of the above was achievable.
