Security

Your protection is our priority.

Given the highly-sensitive nature of the information we handle, we take our responsibility to keep your data secure extremely seriously. Our best-in-class data security measures far exceed all state and federal regulatory requirements and are informed by AICPA privacy guidelines. Thanks to the extensive precautions we take, BooksTime has a perfect security record and has never suffered a security breach or loss of data.

BooksTime recognizes that businesses cannot afford to take risks when it comes to data security. Our clients include accounting firms, which face elevated risks and need to comply with a host of regulations and professional codes regarding data protection. However, threats against ordinary small businesses – including malware and hacking attempts – have become increasingly common and pose major risks to companies of all types and sizes.

These threats are constantly evolving.It’s absolutely critical to stay up-to-date on potential vulnerabilities. Too many companies rely on outdated security practices and technology. As a result, growing numbers of firms in the United States fall victim to data theft, infection, and other attacks. At BooksTime, we continually review our systems and policies to stay ahead of attackers.

Guaranteed peace of mind

BooksTime is the only bookkeeping firm in the United States that offers a comprehensive Data Protection Guarantee. Click here for details on our Data Protection Guarantee or keep reading to learn more about the steps we take to protect your data and give you peace of mind.

Comprehensive security

BooksTime’s data protection plan covers the Four Pillars of Data Protection:

Our security practices are informed by industry best practices and the AICPA’s Generally Accepted Privacy Principles. Below, you can find selected examples of steps we take in each category to keep client data secure. To schedule an in-depth security consultation, please email security@bookstime.com.

  • Technology
  • Personnel
  • Policies
  • Physical Security

Technology

BooksTime uses state-of-the-art security technology. As a company founded by a network security expert (who previously served as a senior manager at Check Point Technologies, the largest pure-play computer security vendor in the world), our passion and expertise in security technology runs deep.

  • Cutting-edge data transmission and storage protections

    Data transmissions, including emails, are protected with strong long-key encryption technology. Both active-use data and backups are stored securely behind advanced firewalls with redundant access control systems. Password protection is only the beginning. We use multi-layer authentication to ensure only authorized users can access client data. Furthermore, access to specific data is limited to a window in time and can be revoked at any point. Data transmissions are also tracked with a full technical audit trail. Bookkeepers may not open sensitive data transmissions on any portable devices (including cell phones and laptops) or non-company computers.

  • Industry-leading encryption

    We protect client data with strong AES 256 bit encryption. The Advanced Encryption Standard (AES) is a specification established by the National Institute of Standards and Technology for the encryption of electronic data. AES has never been cracked. It is used by the federal government of the United States to protect classified information and is the only public cipher approved by the NSA for top secret information. With 256-bit keys, brute force attackers are faced with more possible combinations than there are atoms in the observable universe. Even with more sophisticated attacks, it would take the fastest supercomputer in the world trillions of years to crack this encryption (reference).

  • Best-in-class QuickBooks security

    Our QuickBooks hosting program is authorized directly by Intuit. Your information is backed up daily and stored in SSAE-16 compliant, Tier 4 data centers with compartmentalized security zones (Tier 4 is the highest tier), biometric access controls, fully-clustered server redundancy (ensuring reliability and availability, as well as enabling effective load balancing), fully encrypted communication and backups, firewall protections, and safeguards in case of natural disasters.

  • Compartmentalization and Anonymization software

    Using proprietary software, we remove sensitive data, such as social security numbers, from client documents. This allows us to ensure that bookkeepers only receive information they need to complete the specific tasks assigned to them.

  • Immediate Failure Response

    Our systems are designed to show if a breach has occurred.Our system also trace the origin of the breach immediately, which allows us to respond quickly. Additionally, in the very unlikely case that an attacker gains access to sensitive data, proprietary technology allows us to delete it before it is viewed. BooksTime has never had a breach thanks to other security measures.As such, we never had to use this feature.

To learn more about the technology we use to protect your data, email us at security@bookstime.com.

Personnel

Data security is about more than just firewalls and encryption. The human component is critical. We are committed to ensuring that everyone who works on our team is not only highly-qualified but also trustworthy with a track record of integrity, dependability, and discretion.

  • Screening

    All our staff are screened extremely carefully. Because our business depends on the integrity of our team members, we reject candidates about whom we have any doubts at all. More than 95% of bookkeeper applicants are rejected before they complete our interview process. Candidates that pass all interviews are vetted for histories of criminal activity and drug use. They are also subjected to standard polygraph tests modeled on those used by the FBI in their hiring process.

  • Legal protections

    Once hired, employees sign strict confidentiality and non-disclosure agreements that cover both BooksTime and our clients. You may contact us for details on the terms of those agreements.

  • Training and Monitoring

    Bookkeepers receive extensive training on data protection best practices and security protocols. They are closely mentored and monitored by supervisors to ensure compliance.

Policies

The following are examples of BooksTime policies designed to minimize risk of data exposure or loss. For more details on our data protection practices, please schedule a call with a security expert.

  • No sharing of data

    BooksTime never sells client data. There are no exceptions.

    BooksTime will never make your data available to anyone outside of BooksTime. The only exceptions are cases where clients grant us explicit written permission in a signed engagement letter to share data with certain parties. Even in these cases, data sharing is conducted only as explicitly agreed with the client. For example, some clients may want us to send certain information to a bank, government agency, or another entity on their behalf. Even then, we will only ever share the data that you have given us permission to share via written agreement, and we will only share it with the parties covered by that written agreement. Click here to review our Privacy Policy.

  • Compartmentalization and Anonymization

    We’ve designed every process with security in mind. Bookkeepers are given access only the data they need to complete the tasks assigned to them. Documents and files are anonymized and scrubbed of unnecessary sensitive data. Bookkeepers never have access to highly-sensitive data such as social security numbers, online login information for bank accounts, etc.

  • Immediate Destruction of Unneeded Data

    We do not store any client data longer than absolutely necessary unless the client requests that we back up their data for them. (For information about backup services, contact sales@bookstime.com.) Any sensitive client data not needed by us or by the client is destroyed without delay to minimize risk.

  • Regular Security Audits and Monitoring

    Our Security Manager regularly conducts security audits to ensure that all security protocols are implemented correctly and security software is both up to date and in use.The Security Manager also coaches bookkeeping team leaders on security best practices. Additionally, all internal and external communications are monitored to ensure compliance.

    We offer free security audits for clients to help them ensure that their data is protected while in their systems and on their premises. If you have any questions or would like to schedule a security audit, please email us at security@bookstime.com.

Physical Security

Physical security is the foundation of any data security strategy. Our physical security precautions include the following:

  • Computers storing sensitive data are kept in locked offices for which only senior managers have keys.
  • Offices are monitored 24/7.
  • Physical documents containing sensitive client data are locked in HIPAA-compliant heavy-duty double-locking metal document containers or safes.
  • Documents are tracked from the time they enter the office until they are shredded or securely returned to the client.
  • Copiers are monitored to prevent unauthorized copying.
  • Staff are prevented from removing any documents or portable devices (such as laptops and USB drives) from the office.

More Details

Our security systems and processes are regularly reviewed and adjusted to ensure they meet the needs of a rapidly evolving security landscape. The protections discussed above are a selection of examples from our data security plan at the time of the original publication of this page and may differ from protections currently in place. The steps we take to protect you may differ based on new developments in security technology, specific requests made by clients, the terms of our engagement, and other factors. For more information or to schedule a security consultation, contact security@bookstime.com.

International firms: Please note that BooksTime is based in the United States and cannot accommodate clients who do not wish their data to be stored on servers in the United States.

Talk To A Bookkeeping Expert

A bookkeeping expert will contact you during business hours to discuss your needs.

QB_enterprise
QB_Advanced
QB_Desktop
QB_PointofSale
Billcom
Xero
Hubdoc
Mindbody
Expensify
GustoPartner
BBB
Shopify