CONFIDENTIAL | 1
Security and Operations
Trusting Your Financials to the Cloud
2
Early Decisions…
 Who is our customer?
– Design for accounting and finance professionals
– Enable a community of partne...
3
The Intacct API
 Accessible via Web Services or custom business logic (triggers)
 Access to all standard and custom ob...
4
The Commercial Packaging
Included
Customization
Services
Optional
Web Services
Optional
Platform
 Extensions to standar...
5
Intacct Operations
6
Primary Data Center
 World class Savvis Hosting Center
– Access to premium services and network connectivity
– Multi-la...
7
Backup and Monitoring
 Backups
– Full nightly backups
– Nightly logical exports
– 96 hours of transaction “roll-back” c...
8
Disaster Recovery Center
 Applications are guaranteed to be back up and available within 24 hours even if Savvis
data c...
9
Data Security
 All Intacct employees undergo background checks before hire
 Secured networks and production assets:
– ...
10
Buy With Confidence—Why It is Your Friend
 Intacct’s guarantee to your customers
 Covers all Intacct users
 We pay, ...
11
What Does the BWC Cover
Uptime
Response Time
Fix Times
Futures
PS Quality
(Direct)
12
Transparency Operations
https://us.intacct.com/status
13
SSAE 16 SOC 1 Type II AuditType II
• Report is for a period of
time as opposed to a
single point in time
• Includes ong...
14
Intacct’s Control Objectives are Broad
Control Objective No. 1 – Management and Organization: Control activities provid...
15
Other Certifications and Compliance
Privacy Policy
16
Governance & Compliance
 GAAP / SOX Compliant
 Complete Audit Trails
 SAS 70 Type II Certified
 PCI DSS Compliant
...
Upcoming SlideShare
Loading in …5
×

Intacct Security and Operations

532 views
357 views

Published on

Learn about some of the details of the Intacct datacenters and measures of security that Intacct takes to protect the cloud they provide to house your accounting and finance data. See why industry experts say that very few - if any - small to medium businesses could spend this kind of money and takes these measures to protect their data and systems.

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
532
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Intacct Security and Operations

  1. 1. CONFIDENTIAL | 1 Security and Operations Trusting Your Financials to the Cloud
  2. 2. 2 Early Decisions…  Who is our customer? – Design for accounting and finance professionals – Enable a community of partners  Product Strategy – Best-in-class—stay focused on accounting and finance apps – Multi-ledger—build a reusable framework is always the approach – Double-entry – Approach to the close  Technology – Multi-tenancy – Web Services in the first version – Php / linux / apache on top of oracle – Commodity hardware, open source systems, premium networking, premium hosting
  3. 3. 3 The Intacct API  Accessible via Web Services or custom business logic (triggers)  Access to all standard and custom objects and fields  Standard Create, Read, Update, Delete plus readByQuery(), readView()  Specialty objects designed for external use like GL Total, GL Detail Roughly 50% of Intacct transactions post via Web Services
  4. 4. 4 The Commercial Packaging Included Customization Services Optional Web Services Optional Platform  Extensions to standard objects, including  Custom Fields, Smart Rules, Smart Links, and Smart Events  Access to Intacct’s API  Used when integrating an application that is external to the Intacct Service  Also use to automate Intacct processes via external scripts  Includes all Customization Services +  Access to Intacct’s custom application development environment  Hosting of your custom application within Intacct production operations
  5. 5. 5 Intacct Operations
  6. 6. 6 Primary Data Center  World class Savvis Hosting Center – Access to premium services and network connectivity – Multi-layer power generation – State-of-the-art fire suppression – Redundant HVAC – Other customers include Salesforce.com, UBS, Adobe, Workday, Merrill Lynch, Goldman Sachs, Rueters, etc  Network – Connections to multiple backbones – Ample bandwidth burst capacity – Redundant paths and equipment  Hardware – Standard “commodity” servers and other hardware – All 100% owned by Intacct – Access controlled cages; managed only by Intacct personnel
  7. 7. 7 Backup and Monitoring  Backups – Full nightly backups – Nightly logical exports – 96 hours of transaction “roll-back” capability–to the minute – Backups kept on local disk, tape and off-site – Backups and Redo logs pushed to Disaster Recovery site – Quarterly database restore testing – Annual Disaster Recovery testing  Monitoring – Redundant external monitoring from multiple Internet locations – Daily posting of performance on the Intacct website – Internal system monitors if fine detail (~900 service points)24x7 monitoring and response coverage – Detailed performance and usage information allows us to spot issues – before they become problems
  8. 8. 8 Disaster Recovery Center  Applications are guaranteed to be back up and available within 24 hours even if Savvis data center is completely destroyed – Never lose more than two hours of work – Regularly exercised by Intacct  No charge to Intacct clients Recovery Inventory Data Center Sacramento, CA Disaster Servers Collected Data Internet Intacct - Savvis Data Center San Jose, CA Hot standby Separate geography
  9. 9. 9 Data Security  All Intacct employees undergo background checks before hire  Secured networks and production assets: – Intacct corporate networks are secure – Production networks are segregated with further access restrictions – Very limited and controlled access (both physical and logical) to all production assets – Continuous internal threat monitoring and periodic 3rd party testing  Secure application: – Access to customer data controlled by the customer; must be granted, even to Intacct support – Browser sessions all secure – Partners have an important part to play
  10. 10. 10 Buy With Confidence—Why It is Your Friend  Intacct’s guarantee to your customers  Covers all Intacct users  We pay, you don’t  Industry 1st  Industry most comprehensive
  11. 11. 11 What Does the BWC Cover Uptime Response Time Fix Times Futures PS Quality (Direct)
  12. 12. 12 Transparency Operations https://us.intacct.com/status
  13. 13. 13 SSAE 16 SOC 1 Type II AuditType II • Report is for a period of time as opposed to a single point in time • Includes ongoing observations and testing SOC 1 • Service Organization Control report • SOC 1 = restricted to controls relevant to audit of a user entity’s financial statements (like SAS 70) • SOC 2 & SOC 3 = reports on non-financial controls at a service organization Audit • Examination, documentation and testing of an array of internal controls • Control “objectives” specific to Intacct SSAE 16 • Replaces SAS 70 • Statement on Standards for Attestation Engagements No. 16 • To assure safety and integrity of data while in the hands of a third party service organization
  14. 14. 14 Intacct’s Control Objectives are Broad Control Objective No. 1 – Management and Organization: Control activities provide reasonable assurance that discipline and structure are an integral part of the organization and influence the control consciousness of its personnel. Control Objective No. 2 – Physical Access and Environmental Security: Control activities provide reasonable assurance that access to and movement within the corporate facility is properly controlled and monitored. Additionally, access to server rooms, storage media, and other critical infrastructure is limited based on job responsibilities Control Objective No. 3 – Data Backup and Restore: Control activities provide reasonable assurance that timely and periodic data backups are preformed and the associated restore process is tested, access to backup data is limited, and offsite backups are maintained. Control Objective No. 4 – System Availability: Control activities provide reasonable assurance that primary runtime systems are maintained in a manner that helps ensure system availability. Control Objective No. 5 – Service Level Agreement: Controls provide reasonable assurance that policies and procedures are in place and appropriately followed such that Intacct can meet the systems availability objectives of its Buy-with- Confidence service level agreement. Control Objective No. 6 – Logical Access Security: Control activities provide reasonable assurance that system information, once entered into the system, is protected from unauthorized or unintentional use, modification, addition or deletion. Procedures are also in place to keep authentication and access mechanisms effective. Control Objective No. 7 – Change Management: Control activities provide reasonable assurance that changes to Intacct’s on-demand financial management and accounting applications and supporting systems are properly authorized, tested, approved, implemented and documented. Control Objective No. 8 – Network Security: Control activities provide reasonable assurance that the security infrastructure limits unauthorized access to internal networks and external threats are appropriately limited.
  15. 15. 15 Other Certifications and Compliance Privacy Policy
  16. 16. 16 Governance & Compliance  GAAP / SOX Compliant  Complete Audit Trails  SAS 70 Type II Certified  PCI DSS Compliant  Granular Access Control  Smart Rules / Alerts  Automated Sales Tax

×