Trust & security

Your financial data is very important to you and protecting it has been central to our
business success for over 10 years. Here are some of the ways we work to keep your
financial data secure, and why we believe it’s often more secure than keeping files
on your local computer or network.


Security

We use SSL just like online banking services to encrypt the information that passes between the browser and the server to stop any potential hackers from accessing your data in transit. Access is username/password protected. Password resets can only be processed after identification checks or via a reset email delivered to the user’s email address. Once logged into the system, the user can only access information that they have permission to view. The role-based access system allows the file administrator complete control of access to your information.

Only a few admin-level staff have the ability to access or reset your file access at any time. Compare this to thousands of personnel in banks having access to your bank account information. We employ various checks and techniques to reduce the risks from URL manipulation, session management, and other security issues. Files can also be locked on request. When you compare this to laptop theft or typical desktop software viruses, we posit that your data is substantially safer than most on-premise software implementations.


Private Cloud Server Security

Firewalls are managed by security specialists and deployed in a private IP space, while servers and routers are segregated in a Virtual Local Area Network (VLAN). Network security features also include multi-level privileges, operating system (OS) lock downs, centralised authentication, and device change logs.

Security Patching is performed by constantly updating our security systems. This ensures optimum protection for our subscribers. Monitoring and addressing emerging threats, and quickly processing and applying new security patches, is standard procedure.

The server manager is constantly engaged in threat analysis. They work on identifying and addressing security weaknesses in web-oriented servers, applications, and activities.

A security testing laboratory ensures all high-level security devices are subjected to full security testing before they are deployed. This includes installation and configuration of the OS, the disabling of vulnerable or unneeded services, and advanced vulnerability tests.

The security specialists we employ have earned Certified Information Systems Security Professional certifications (ISO/IEC 17024) and we have working relationships with other security response teams.

To ensure a fast response to a security event, qualified personnel are available 24x7x365.


Your Business File Security

Employee fraud comes in many forms and is difficult for any business to contain because many procedural factors are involved. Software and Web Access are just one aspect. Security has to be looked at holistically.

In theory, employees can access trial or free versions of most accounting products to produce fake documentation. They can also digitally modify existing documents like payslips or invoices. Online accounting applications have the benefit of real-time traceability of user activity which software may lack.

Saasu can help generate some extra comfort by tracking user activity and making this information available to the subscriber on request. For security reasons, we don’t publicly disclose what is available. Please contact us for more information.

Saasu roles allow you to control the access levels of your users. The default settings for your initial subscription allow for full access to all areas. However, you are in control of the access level for each user and, accordingly, of access to areas such as Settings, which includes features like invoice/email templates and the locking of transactions around date ranges.

Security features include:

  • User roles which don’t allow access to defined areas in Saasu. The Subscriber/Admin level has control of user roles. Go to My Saasu → Manage Subscription. Then click on each employee to control their Role (access level). You can create your own custom Roles in this area.
  • Lockable transaction settings down to the same day. Go to Settings → Transactions.
  • Tracking of users who created, modified, and deleted a transaction. [1]
  • User Sign-in Audit Trail report including IP address tracking. Go to Reports → Security → User Sign-in Audit Trail report.
  • Last modified information at the bottom of Sales and Purchase transactions (amongst others).
  • Email activity log files. [1]

[1] On application. Fees may apply.

Backups

Saasu takes data security and integrity very seriously. In these uncertain times, you need to be sure your data is not only 100% secure, but is also fully backed up in multiple places in the event of any catastrophe. With that in mind, Saasu follows a stringent backup and maintenance policy involving the following aspects:

  • Real time transactional replication/backup to a secondary database located in Chicago, USA
  • Full database backups performed daily to a high performance storage area network (SAN)
  • Database transaction log backups performed every 5 minutes to a high performance storage area network (SAN)
  • Complete Database server image backup and database instance backups performed weekly to a tape device held on site for 2 weeks
  • Differential Database server image backup and database instance backups performed daily to a tape device held on site for 2 weeks
  • Full Weekly Database backup in Sydney, Australia
  • Database transaction log backups performed every 15 minutes in Sydney, Australia

Having multiple redundant backups of your data ensures Saasu will never lose your data, even in the event of a large catastrophic incident. You can feel confident that your valuable business data is in safe hands.


Continuity of Service

A good question to ask any of your critical service providers is “What happens if you go out of business?”

With Saasu you:

  • Can export your data from the View → Import or Export area. Do this at a frequency that suits your comfort/compliance needs.
  • Are buying a product and service from a profitable company, not a startup. Saasu is still roughly doubling revenues each year.

With a third-party service you can:

  • Synchronise a copy of Sale, Purchase and Contact records in your Saasu file to their database.

If we went into administration we believe the administrators would:

  • Sell the customer base (which is now substantial) and also the intellectual property to a competitor or new owner.
  • Keep the servers running. The provision of the web application is quite low cost relative to this so it would be sensible to leave the application running pending sale of intellectual property and customers.
  • Put the code into the public domain so customers could host or run the application themselves if none of the above was achievable.

Comparison of software and online accounting security

| Software Accounting | Online Accounting |
| --- | --- |
| Employees can copy an accounting software file from your site without a trace. | Saasu tracks employee access and logs activity to help you monitor employees. |
| If stolen, a computer with an accounting software file on it potentially creates a significant privacy, security, and recovery issue. | Saasu doesn’t store your data on your local hard drive, so all you need to do is sign into another computer and you are up and running. |
| A computer is vulnerable to viruses, botnets, trojans and other malicious attacks that read, obtain, or corrupt data on your computer. | When you access Saasu you are using a web browser which reads data on our servers. |
| People often store credit card numbers in accounting software files which is a major security issue if you are not PCI-compliant. | Saasu can process card payments with a gateway without storing the card number on your computer. |