Given the highly-sensitive nature of the information we handle, we take our responsibility to keep your data secure extremely seriously. Our best-in-class data security measures far exceed all state and federal regulatory requirements and are informed by AICPA privacy guidelines. Thanks to the extensive precautions we take, BooksTime has a perfect security record and has never suffered a security breach or loss of data.
BooksTime recognizes that businesses cannot afford to take risks when it comes to data security. Our clients include accounting firms, which face elevated risks and need to comply with a host of regulations and professional codes regarding data protection. However, threats against ordinary small businesses – including malware and hacking attempts – have become increasingly common and pose major risks to companies of all types and sizes.
These threats are constantly evolving. It’s absolutely critical to stay up-to-date on potential vulnerabilities. Too many companies rely on outdated security practices and technology. As a result, growing numbers of firms in the United States fall victim to data theft, infection, and other attacks. At BooksTime, we continually review our systems and policies to stay ahead of attackers.
BooksTime’s data protection plan covers the Four Pillars of Data Protection:
Our security practices are informed by industry best practices and the AICPA’s Generally Accepted Privacy Principles. Below, you can find selected examples of steps we take in each category to keep client data secure. To schedule an in-depth security consultation, please email firstname.lastname@example.org.
BooksTime uses state-of-the-art security technology. As a company founded by a network security expert (who previously served as a senior manager at Check Point Technologies, the largest pure-play computer security vendor in the world), our passion and expertise in security technology runs deep.
Data transmissions, including emails, are protected with strong long-key encryption technology. Both active-use data and backups are stored securely behind advanced firewalls with redundant access control systems. Password protection is only the beginning. We use multi-layer authentication to ensure only authorized users can access client data. Furthermore, access to specific data is limited to a window in time and can be revoked at any point. Data transmissions are also tracked with a full technical audit trail. Bookkeepers may not open sensitive data transmissions on any portable devices (including cell phones and laptops) or non-company computers.
We protect client data with strong AES 256-bit encryption. The Advanced Encryption Standard (AES) is a specification established by the National Institute of Standards and Technology for the encryption of electronic data. AES has never been cracked. It is used by the federal government of the United States to protect classified information and is the only public cipher approved by the NSA for top secret information. With 256-bit keys, brute force attackers are faced with more possible combinations than there are atoms in the observable universe. Even with more sophisticated attacks, it would take the fastest supercomputer in the world trillions of years to crack this encryption (reference).
Our QuickBooks hosting program is authorized directly by Intuit. Your information is backed up daily and stored in SSAE-16 compliant, Tier 4 data centers with compartmentalized security zones (Tier 4 is the highest tier), biometric access controls, fully-clustered server redundancy (ensuring reliability and availability, as well as enabling effective load balancing), fully encrypted communication and backups, firewall protections, and safeguards in case of natural disasters.
Using proprietary software, we remove sensitive data, such as social security numbers, from client documents. This allows us to ensure that bookkeepers only receive information they need to complete the specific tasks assigned to them.
Our systems are designed to show if a breach has occurred. Our systems also trace the origin of the breach immediately, which allows us to respond quickly. Additionally, in the very unlikely case that an attacker gains access to sensitive data, proprietary technology allows us to delete it before it is viewed. BooksTime has never had a breach thanks to other security measures. As such, we have never had to use this feature.
To learn more about the technology we use to protect your data, email us at email@example.com.
Data security is about more than just firewalls and encryption. The human component is critical. We are committed to ensuring that everyone who works on our team is not only highly-qualified but also trustworthy with a track record of integrity, dependability, and discretion.
All our staff are screened extremely carefully. Because our business depends on the integrity of our team members, we reject candidates about whom we have any doubts at all. More than 95% of bookkeeper applicants are rejected before they complete our interview process. Candidates that pass all interviews are vetted for histories of criminal activity and drug use. They are also subjected to standard polygraph tests modeled on those used by the FBI in their hiring process.
Once hired, employees sign strict confidentiality and non-disclosure agreements that cover both BooksTime and our clients. You may contact us for details on the terms of those agreements.
Bookkeepers receive extensive training on data protection best practices and security protocols. They are closely mentored and monitored by supervisors to ensure compliance.
The following are examples of BooksTime policies designed to minimize risk of data exposure or loss. For more details on our data protection practices, please schedule a call with a security expert.
BooksTime never sells client data. There are no exceptions.
We’ve designed every process with security in mind. Bookkeepers are given access only to the data they need to complete the tasks assigned to them. Documents and files are anonymized and scrubbed of unnecessary sensitive data. Bookkeepers never have access to highly-sensitive data such as social security numbers, online login information for bank accounts, etc.
We do not store any client data longer than absolutely necessary unless the client requests that we back up their data for them. (For information about backup services, contact firstname.lastname@example.org.) Any sensitive client data not needed by us or by the client is destroyed without delay to minimize risk.
Our Security Manager regularly conducts security audits to ensure that all security protocols are implemented correctly and security software is both up to date and in use. The Security Manager also coaches bookkeeping team leaders on security best practices. Additionally, all internal and external communications are monitored to ensure compliance.
We offer free security audits for clients to help them ensure that their data is protected while in their systems and on their premises. If you have any questions or would like to schedule a security audit, please email us at email@example.com.
Physical security is the foundation of any data security strategy. Our physical security precautions include the following:
Our security systems and processes are regularly reviewed and adjusted to ensure they meet the needs of a rapidly evolving security landscape. The protections discussed above are a selection of examples from our data security plan at the time of the original publication of this page and may differ from protections currently in place. The steps we take to protect you may differ based on new developments in security technology, specific requests made by clients, the terms of our engagement, and other factors. For more information or to schedule a security consultation, contact firstname.lastname@example.org.
International firms: Please note that BooksTime is based in the United States and cannot accommodate clients who do not wish their data to be stored on servers in the United States.