|What data does Financial Reporting collect?||The Financial Reporting process collects only the top-level summary of the Balance Sheet and Income Statement information required to produce your Financial Reporting report. Your company account information is deleted from our secure server once the report has been produced.
|How is my data protected at rest?||Your data is encrypted with a unique 256-bit Advanced Encryption Standard (AES) symmetric key in cipher-block-chaining (CBC) mode. A second layer of protection is applied using a 3072-bit Rivest-Shamir-Adleman (RSA) key.
|How is my data protected during transmission?||Before transmission, your data is first protected using the same process described above for data at rest. During transmission the already encrypted data is carried over a TLS (formerly SSL) connection: the server certificate uses a 2048-bit RSA key, and the negotiated cipher suite uses AES-128 in CBC mode with SHA-1 for message integrity.
Support for weak protocols and ciphers, such as SSL 2.0 and earlier, PCT 1.0, and all cipher suites using MD5, RC4 or weak key lengths, has been disabled on the host.
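The following is an added example, not code from the page or from the Profit Mastery service, showing how the cipher policy described above can be expressed and checked with Python's standard `ssl` module. The TLS 1.2 floor is this example's own choice, stricter than the SSL 2.0 cut-off stated above; the cipher-suite names in the audit helper follow OpenSSL naming, and the `WEAK_MARKERS` pattern is an assumption about which suite names count as weak (RC4, MD5, NULL, export-grade, RC2 and single DES).

```python
"""Added example (not the vendor's code): build a hardened TLS client
context and audit it for the weak algorithms the FAQ says are disabled."""
import re
import ssl

# Substrings that mark an OpenSSL cipher-suite name as unacceptable:
# RC4 and MD5 outright, NULL (no encryption or no authentication), EXP
# (export grade, 40/56-bit keys), RC2 and single DES (weak key lengths).
# "DES-CBC-" deliberately does not match 3DES suites, spelled "DES-CBC3-".
WEAK_MARKERS = re.compile(r"RC4|MD5|NULL|EXP|RC2|DES-CBC-")


def weak_suites(names):
    """Return the cipher-suite names from `names` that violate the policy."""
    return [n for n in names if WEAK_MARKERS.search(n)]


def hardened_client_context():
    """Client context allowing only forward-secret AEAD suites over TLS 1.2+."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # example's choice, see lead-in
    # OpenSSL cipher string: allow ECDHE with AES-GCM or ChaCha20, and
    # explicitly deny the legacy families even if this build still ships them.
    ctx.set_ciphers(
        "ECDHE+AESGCM:ECDHE+CHACHA20:!RC4:!MD5:!aNULL:!eNULL:!EXP:!DES:!RC2"
    )
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_context(ctx):
    """Return a list of policy findings for `ctx`; an empty list means it passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol version is {ctx.minimum_version.name}")
    # get_ciphers() lists every suite the context will actually offer.
    enabled = [c["name"] for c in ctx.get_ciphers()]
    findings.extend(f"weak cipher suite enabled: {n}" for n in weak_suites(enabled))
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification is not required")
    return findings


if __name__ == "__main__":
    # Constructed sample list mixing acceptable and policy-violating suites.
    sample = ["RC4-SHA", "AES128-SHA", "ECDHE-RSA-AES256-GCM-SHA384",
              "EDH-RSA-DES-CBC-SHA", "DES-CBC3-SHA", "NULL-MD5"]
    print("flagged:", weak_suites(sample))
    print("hardened context findings:", audit_context(hardened_client_context()))
```

`audit_context` inspects what OpenSSL will really negotiate rather than trusting the cipher string, which is the check worth running after any change to the host's TLS settings.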
|How are Profit Mastery applications implemented to help protect my data?||
- All inputs are validated for type, format, length and range
- Input validation uses an allow-list approach, regular expressions, or both
- Input data embedded in web responses is output-encoded to help prevent cross-site scripting and similar web injection attacks
- All inputs are additionally checked by the platform's built-in request validation to help prevent web injection attacks
- Built-in platform mechanisms that prevent request/response data tampering and information disclosure are enabled
- All database operations use parameterized queries to help prevent SQL injection attacks
- Cryptographic operations use only standard, well-reviewed libraries
- The applications are implemented entirely in a managed (memory-safe) language, which reduces the risk of memory-corruption attacks
- All authorization checks are performed using the platform's built-in, well-reviewed role-based authorization modules
- All authentication checks are performed using the platform's built-in, well-reviewed authentication modules
- All applications are deployed following least-privilege, reduced-attack-surface and secure-defaults principles
- Sessions expire automatically after a period of login inactivity
- Accounts lock automatically after repeated failed logins to help reduce the risk of brute-force attacks
- HTTP Strict Transport Security (HSTS) response headers are enabled
- All application and operating system security patches are applied within 48 hours of public availability
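The following is an added example, not code from the page or from Profit Mastery, illustrating three of the controls listed above together: allow-list input validation (type, format, length and range), output encoding for web responses, and parameterized database queries. It is plain Python with an in-memory SQLite table; the table layout, the `ACCOUNT_ID_RE` pattern and the fiscal-year range are constructed for the example, and the `lookup_unsafe` function is intentionally vulnerable to show what the parameterized version prevents.

```python
"""Added example (not the vendor's code): allow-list validation, HTML output
encoding and parameterized queries, with a deliberately injectable lookup
beside the safe one."""
import html
import re
import sqlite3

# Allow-list: one anchored pattern checks type (string), format (upper-case
# alphanumerics), and length (4..12) at once.  Pattern is an assumption.
ACCOUNT_ID_RE = re.compile(r"[A-Z0-9]{4,12}")


def validate_account_id(value):
    """Reject anything that is not a string matching the allow-list."""
    if not isinstance(value, str) or not ACCOUNT_ID_RE.fullmatch(value):
        raise ValueError("account id rejected by allow-list")
    return value


def validate_fiscal_year(value):
    """Type and range check for a year supplied as a string or int."""
    try:
        year = int(value)
    except (TypeError, ValueError):
        raise ValueError("fiscal year must be an integer")
    if not 1990 <= year <= 2100:  # range bounds are an assumption
        raise ValueError("fiscal year out of range")
    return year


def encode_for_html(text):
    """Output-encode untrusted text before embedding it in an HTML response."""
    return html.escape(text, quote=True)


def seed_db():
    """Constructed sample data: two accounts with balance-sheet totals."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE balance (account_id TEXT, fiscal_year INTEGER, total REAL)"
    )
    conn.executemany(
        "INSERT INTO balance VALUES (?, ?, ?)",
        [("ACME01", 2023, 1000.0), ("ACME01", 2024, 1250.0), ("OTHER9", 2024, 999999.0)],
    )
    return conn


def lookup_unsafe(conn, account_id):
    """Deliberately vulnerable: the caller's input is concatenated into SQL."""
    sql = ("SELECT account_id, total FROM balance WHERE account_id = '"
           + account_id + "'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn, account_id, fiscal_year):
    """Validate on the way in, then bind values with placeholders."""
    sql = ("SELECT account_id, total FROM balance "
           "WHERE account_id = ? AND fiscal_year = ?")
    params = (validate_account_id(account_id), validate_fiscal_year(fiscal_year))
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = seed_db()
    payload = "' OR '1'='1"  # constructed injection string
    print("unsafe lookup returns every row:", lookup_unsafe(db, payload))
    print("safe lookup:", lookup_safe(db, "ACME01", "2024"))
    try:
        lookup_safe(db, payload, 2024)
    except ValueError as exc:
        print("safe lookup rejected the payload:", exc)
    print("encoded:", encode_for_html('<script>alert("x")</script>'))
```

The injection string never reaches the database in `lookup_safe` because the allow-list rejects it first; even if validation were bypassed, the `?` placeholders would bind it as data rather than SQL.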
|What additional controls/certifications are used to help protect my data?||
The application and database servers are hosted in data centers that independent, certified third parties have validated against the following:
- SAS 70/SSAE 16
- ISO 27001
- Safe Harbor