Given the highly-sensitive nature of the information we handle, we take our responsibility to keep your data secure extremely seriously. Our best-in-class data security measures exceed state and federal regulatory requirements and are informed by AICPA privacy guidelines.
BooksTime was co-founded by a CPA and cybersecurity expert, so attention to security and internal controls is in our company’s DNA. Plus, BooksTime is one of the only bookkeeping firms in the US that has full-time, in-house security staff.
BooksTime recognizes that businesses cannot afford to take risks when it comes to data security. Our clients include accounting firms, which face elevated risks and need to comply with a host of regulations and professional codes regarding data protection. However, threats against ordinary small businesses – including malware and hacking attempts – have become increasingly common and pose major risks to companies of all types and sizes.
These threats are constantly evolving. It’s absolutely critical to stay up-to-date on potential vulnerabilities. Too many companies rely on outdated security practices and technology. As a result, growing numbers of firms in the United States fall victim to data theft, infection, and other attacks. At BooksTime, we continually review our systems and policies to stay ahead of attackers.
BooksTime is the only bookkeeping firm in the United States that offers a comprehensive Data Protection Guarantee. Review our Data Protection Guarantee or keep reading to learn more about the steps we take to protect your data and give you peace of mind.
Our security practices are informed by industry best practices and the AICPA’s Generally Accepted Privacy Principles. Below, you can find selected examples of steps we take in each category to keep client data secure. To schedule an in-depth security consultation, please email security@bookstime.com.
BooksTime uses state-of-the-art security technology. As a company co-founded by a cybersecurity expert (previously a senior manager at Check Point Technologies, one of the largest pure-play computer security vendors in the world), our passion and expertise in security technology runs deep.
Cutting-edge data transmission and storage protections
Data transmissions, including emails, are protected with strong long-key encryption technology. Both active-use data and backups are stored securely behind advanced firewalls with redundant access control systems. Password protection is only the beginning. We use multi-layer authentication to ensure only authorized users can access client data. Furthermore, access to specific data is limited to a window in time and can be revoked at any point. Key data transmissions are also tracked with a full technical audit trail. Bookkeepers are restricted from opening certain sensitive data transmissions on portable devices (including cell phones and laptops) or non-company computers.
Industry-leading encryption
We protect client data with strong AES 256 bit encryption. The Advanced Encryption Standard (AES) is a specification established by the National Institute of Standards and Technology for the encryption of electronic data. AES has never been cracked. It is used by the federal government of the United States to protect classified information and is the only public cipher approved by the NSA for top secret information. With 256-bit keys, brute force attackers are faced with more possible combinations than there are atoms in the observable universe. Even with more sophisticated attacks, it would take the fastest supercomputer in the world trillions of years to crack this encryption.
Best-in-class QuickBooks security
Our QuickBooks hosting program is authorized directly by Intuit. Your information is backed up daily and stored in SSAE-16 compliant, Tier 4 data centers with compartmentalized security zones (Tier 4 is the highest tier), biometric access controls, fully-clustered server redundancy (ensuring reliability and availability, as well as enabling effective load balancing), fully encrypted communication and backups, firewall protections, and safeguards in case of natural disasters.
Compartmentalization
Our software and processes allow us to ensure that bookkeepers only receive the minimum accesses and information they need to complete the specific tasks assigned to them.
Immediate Failure Response
Our systems are designed to show if a breach has occurred. Our system also traces the origin of the breach immediately, which allows us to respond quickly. Additionally, in the very unlikely case that an attacker gains access to sensitive data, certain advanced security technology can help delete that data before it is used.
To learn more about the technology we use to protect your data, email us at security@bookstime.com.
Data security is about more than just firewalls and encryption. The human component is critical. We are committed to ensuring that everyone who works on our team is not only highly-qualified but also trustworthy with a track record of integrity, dependability, and discretion.
Screening
All our staff are screened extremely carefully. Because our business depends on the integrity of our team members, we reject candidates if we have any concerns about trustworthiness. More than 95% of bookkeeper applicants are rejected before they complete our interview process. Candidates that pass all interviews are also vetted through some combination of other methods, which may include common methods such as reference checks and criminal background checks, but also more advanced methods, such as standard polygraph tests modeled on those used by the FBI in their hiring process, psychological examinations, and/or other methods.
Legal protections
Once hired, employees sign strict confidentiality and non-disclosure agreements that cover both BooksTime and our clients. You may contact us for details on the terms of those agreements.
Training and Monitoring
Bookkeepers receive extensive training on data protection best practices and security protocols. They are closely mentored and monitored by supervisors to ensure compliance.
The following are examples of BooksTime policies designed to minimize risk of data exposure or loss. For more details on our data protection practices, please schedule a call with a security expert.
No sharing of data
BooksTime never sells client data. There are no exceptions.
BooksTime will never make your data available to anyone outside of BooksTime. The only exceptions are cases where clients grant us written permission in a signed engagement letter to share data with certain parties. Even in these cases, data sharing is conducted only as agreed with the client. For example, some clients may want us to send certain information to a bank, government agency, or another entity on their behalf. Even then, we will only ever share the data that you have given us permission to share via written agreement, and we will only share it with the parties covered by that written agreement. Click here to review our Privacy Policy.
Compartmentalization and anonymization
We’ve designed every process with security in mind. Bookkeepers are given access only the data they need to complete the tasks assigned to them. Documents and files are anonymized and scrubbed of unnecessary sensitive data.
Destruction of unneeded data
To minimize risk, data that we know will not be needed again in the future is subject to retention policies intended to ensure the destruction of unneeded data (unless back-up data is requested or needed, naturally).
Continual security monitoring
Our security advisor monitors to ensure that security protocols are implemented correctly and security software is both up to date and in use. He also coaches bookkeeping team leaders on security best practices. Additionally, internal and external communications are monitored to ensure compliance.
We offer free security audits for clients to help them ensure that their data is protected while in their systems and on their premises. If you have any questions or would like to schedule a security audit, please email us at security@bookstime.com.
Our security systems and processes are regularly reviewed and adjusted to ensure they meet the needs of a rapidly evolving security landscape. The protections discussed above are a selection of examples from our data security plan at the time of the original publication of this page and may differ from protections currently in place. The steps we take to protect you may differ based on new developments in security technology, specific requests made by clients, the terms of our engagement, and other factors. For more information or to schedule a security consultation, contact security@bookstime.com.
International firms: Please note that BooksTime is based in the United States and cannot accommodate clients who do not wish their data to be stored on servers in the United States.
A bookkeeping expert will contact you during business hours to discuss your needs.
