2. 2
Why should I use Acumatica SaaS (public cloud) instead of a
private cloud version and host it on my own?
Acumatica SaaS includes a range of benefits that come standard
with your subscription.
These benefits are provided by Acumatica using Amazon Web
Services (AWS), are backed by our SLA, and surpass the benefits
you would gain from most external hosting providers.
This includes disaster recovery, backup service, 24/7 access, high
availability, monitoring, software updates, and application
maintenance.
For private cloud deployments, Acumatica offers and Private
Cloud Subscription (PCS) license models as well.
Acumatica SaaS (Public cloud)
3. 1. General Information
2. Access
3. Backup & Maintenance
4. Data Retention
5. Data Recovery
Acumatica SaaS Data Security and Deployment questions
6. Configuration
7. Security Protection
8. Compliance
9. AICPA SOC Audit
Table of Content:
4. Amazon Web Services (AWS) and can be accessed from any web browser on any Internet-connected device. You can pay as you go,
and easily scale resources up or down based on growth or changing business needs. Free yourself from the complexities and costs of
managing hardware and maintaining software. Additionally, a SaaS deployment enables Acumatica to ensure the highest levels of
security, availability, and performance.
Acumatica reserves resources to ensure consistent performance – even during peak hours – as long as you have purchased the right
Resource Level for your needs. Please work with your Acumatica partner to make sure you are at the right Resource Level.
How does Acumatica monitor the environment to ensure that I receive consistent performance?
Acumatica uses 24/7, modern monitoring tools that continuously review system operations and automatically alert our engineers
in the event performance or other operating criteria does not fall within our strict performance guidelines.
General Information: (1 of 2)
▪ Access anywhere and pay as you go
▪ Consistent Performance
▪ 24/7 Monitoring by Acumatica
5. General Information: (2 of 2)
▪ Microsoft SQL Server that you also can restore at local server:
▪ Switch plan SaaS V.S. Private Cloud license is doable and easy:
▪ In case you wanted the optional paid backup access service:
Acumatica SaaS currently uses Microsoft SQL Server. Other database options exist for private cloud deployments.
Your data backups are fully intact in a relational database. All elements in your data are made available to you such that they can be
restored should you choose to ever resume your subscription. You can also restore your data on your local SQL server environment.
With Acumatica, you can switch license or subscription type easily. Typically, the switching process takes between 3 to 7 business days.
Please work with your partner who will migrate you. We will provide a copy of your data at no extra charge to your partner for this
purpose.
The optional paid backup access service provides you with anytime access to 7 days of rolling backups. This allows you to download
and store a copy of your data using SFTP. Standard fees apply if you need to restore or roll-back your production environment.
Subscribers to this service get this benefit in addition to all standard backup procedures.
6. Access:
▪ Accessible from any web browser with your domain:
▪ Manage automatedly within Acumatica SaaS upon environment settle:
▪ Single Database to kill Silos:
We will provide you with a URL to your Acumatica SaaS ERP solution, accessible from any web browser on any device with an Internet
connection. This URL uses a prefix you choose in the format .acumatica.com, but we can also help you create a custom domain URL
(xxx.yourdomain.com) if you provide us with your SSL certificate.
Acumatica manages the work involved in setting up and provisioning the application, as well as configuring the initial environment
for you to access your Acumatica SaaS instance. Once your Acumatica environment is accessible, Acumatica automates common
administrative tasks, such as performing backups, software updates, and continuous monitoring and tuning, including multi-
homed internet and power backup.
Each Acumatica SaaS subscription is housed in a single database where you can track financials separately for an unlimited number
of related companies and for up to 3, 10, or 20, or more stand-alone companies depending on edition. Stand-alone companies within
the database allows you to decide what elements should be separated or shared between them, such as chart of accounts,
customers, employees, etc.
7. Backup & Maintenance: (1 of 2)
▪ Automate Backup and also Database Snapshots capable:
▪ Automated Backup Schedule at 2-hour duration:
Acumatica performs continuous automated backups of your data at no extra charge. You can request a copy of your data for a fee per
copy, or you can subscribe to an optional backup access service with an annual subscription fee.
Acumatica also comes with a database snapshot feature, which allows you to take snapshots of your company and restore them at a
later time. Each snapshot is a complete copy of your database, so your snapshots could quickly add up to the total storage you have
subscribed to. Snapshots will only work if there is enough free capacity available within your subscription.
All transactional data is backed up daily on a rolling backup schedule. Additionally, incremental backups of transaction logs are
performed frequently throughout the current day. All backups are replicated to an additional geographic zone for an additional layer
of protection and disaster recovery. Access to backups is provided for a fee or by purchasing an optional backup access service.
Acumatica’s backup window is an approximately 2-hour duration during which your instance is backed up on a daily basis. It is
scheduled between 12am-6am. During the backup window, the system may experience slower response times.
8. Backup & Maintenance: (2 of 2)
▪ Maintenance window is rare:
Acumatica may carry out scheduled maintenance, or in rare circumstances, unscheduled maintenance. Scheduled maintenance is
usually communicated with at least a week’s advance notice. The scheduled maintenance window averages less than 30 minutes
each week, and typically occurs during non-peak hours or weekends.
Scheduled maintenance does not count against the uptime guarantee.
From time to time, unscheduled maintenance may be required. Acumatica will attempt to notify you in advance of any unscheduled
maintenance event. Unscheduled maintenance counts against the uptime guarantee.
9. Data Retention:
▪ A several concurrent retention schedules to keep your data safe:
▪ We keep your data even license expired:
Several concurrent retention schedules have been implemented:
1.Daily backups are retained for 4 days.
2.The last backup of each week is retained for 4 weeks.
3.The backup taken on the last day of the month is retained for 4 months.
4.The last backup of the quarter is retained for 1 year.
If I do not renew on time, will Acumatica keep my data?
Upon your expiration date, your account will become suspended for a period of 30 days. During the suspension period, your data
is intact and can be reactivated upon your renewal. You will not be able to access Acumatica SaaS during the suspension period.
At the end of the suspension period, your data will be permanently deleted.
10. In the event of a disaster, should my system go down, what is the recovery process?
Acumatica backs up all transactional data to an additional geographic zone for an additional layer of protection and disaster recovery.
In the event of a disaster where a datacenter hosting your service is completely shut down, Acumatica will quickly go through a fail-over
recovery procedure and your service will resume from an alternate datacenter. Acumatica’s SLA uptime guarantee will continue to
provide you protection during this duration.
You can restore any prior snapshots by using the restore feature within Acumatica. However, do take extra precautions when restoring
snapshots because they override your current production environment. We encourage you to restore snapshots outside business hours,
and to first take an additional snapshot of your current production environment before restoring a prior snapshot.
Will I need to buy another license if I want to install Acumatica for failover purposes?
No. Failover protection is already built into Acumatica SaaS.
Data Recovery:
▪ Additional layer of protection and disaster recovery:
▪ You can restore a database snapshot:
▪ Failover protection is built into Acumatica SaaS:
11. Acumatica supports load balancing and multiple server configurations. Load balancing is useful when you want to spread your system
load across multiple servers. This way, you benefit from the performance of two servers instead of one, and you also ensure high
availability, which means that if one server were to go down, the other server will take over and the system remains up.
Configuration:
▪ No server down issue, from Load balancing configuration:
▪ Reduce upgrade cost from data access layers that support the complex customize:
▪ Integration same like ODBC access within Acumatica API:
Acumatica provides a full set of documentation of its development platform APIs. This allows you to build complex customizations using
data access layer objects, eliminating the need for the database schema.
This has an added benefit of ensuring customizations remain functional despite database changes, and reduces the cost of maintaining
customizations during upgrades, among other benefits.
•Save time by eliminating the need to learn complex database structures.
•Ensure system stability by guarding against human error that can threaten the referential integrity of your data or impact performance.
•Reduce cost of maintaining customizations during upgrades. Customizations remain functional despite database changes, because the
APIs change less frequently.
•Consistent enforcement of your security policies. By going through the data access layers and APIs instead of going direct to the
database, all your customizations and reports will respect your security configurations.
12. Security Protection: (1 of 3)
▪ You have your unique data stored in separate database.
Is my data stored in the same area as other clients?
Unlike many web-based applications, with Acumatica every subscriber’s data is stored in a separate database.
This way, every Acumatica subscription enjoys better data security and can be on their own versions of Acumatica. At the same time,
they can take advantage of Acumatica’s multi-tenant architecture to add additional completely separate entities within that same
subscription.
Data is never stored on the user’s computer. All data remains on Acumatica servers. As users complete forms only small bits of data
are transferred to the web browser – and even then only for a brief instant. Once forms are completed, no data remains in the browser.
All transmission is secure and encrypted using SSL technologies.
13. Acumatica’s intrusion detection system (IDS) detects any attempt to compromise the confidentiality, integrity or availability of your
data, or to circumvent security controls. In the event of such an attempt, the intruder is locked out of the system, and investigation is
conducted to identify and apprehend the intruder. Acumatica can also restrict user logins to specific IP addresses.
Security Protection: (2 of 3)
▪ Protect your org from unauthorized access:
▪ Also unique credentials of your own users access:
▪ Protected you against physical and environment threats:
With Acumatica, each user can be assigned unique security credentials. These credentials can be role-based or highly specific to
individual users. The unlimited users at your organization, each individual’s login is unique and activities can be tracked.
Acumatica SaaS is hosted on Amazon Web Services (AWS) to ensure we provide the world’s best cloud infrastructure with Acumatica
SaaS. AWS follows strict guidelines and uses state of the art architectural and engineering approaches to guard against physical and
environmental threats. It has extensive experience in designing, constructing and operating large-scale datacenters. Physical access
is strictly controlled, both at the perimeter and at ingress points by security staff and video surveillance. All staff members pass two-
factor authentication to access the datacenter. All visitors and contractors are required to present identification and escorted by
authorized staff. There are also fire detection and suppression, power, climate and temperature, and electromechanical support
systems.
14. Acumatica uses enterprise-class anti-virus software to continuously monitor your SaaS environment and prevent, detect and
remove malicious viruses and other types of malware, such as Trojan horses, worms, fraudtools, spyware, browser hijackers,
keyloggers, and more.
Security Protection: (3 of 3)
▪ Protect your data from viruses:
▪ In case of security violation/incident occurs:
Please inform us immediately providing any details regarding the incident at Report a Security Issue. Acumatica Incident Response
Team will be involved and you will have feedback during the next 24 hours.
15. Compliance:
▪ Acumatica is Payment Card Industry (PCI) compliant:
▪ Government & Industry requirements compliant:
In addition of web-hosting. Acumatica SaaS adds an additional layer of safety to PCI compliance by ensuring credit card
information is neither stored nor transmitted between you and the Acumatica servers. Credit card information is only entered on
the client browser and exchanged directly with the credit card processing provider. This allows you to be fully compliant.
Acumatica SaaS is hosted on Amazon Web Services (AWS) to ensure we provide the world’s best cloud infrastructure with Acumatica
SaaS. AWS infrastructure and solutions are in compliance with regulations, standards and best practices, including the following listed
below. Please contact Acumatica if you have certain compliance requirements and Acumatica will review and provide possible
options. Depending on your needs, additional fees may apply.
•For Canadian customers, Acumatica SaaS can be hosted at an Amazon Web Services (AWS) facility located within Canada which is in
compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), as required by Canadian Law.
•PCI DSS Level 1
•HIPAA
•SOC 1/SSAE 16/ISAE 3402
•SOC 3
•ISO 27001
•FedRAMP(SM)
•ITAR
•FIPS 140-2
•CSA
16. AICPA SOC Audit:
▪ What is a SOC Audit?
The SOC (Service Organization Controls) Reports are issued after a series of audits based on a set of AICPA standards that measure the
control of financial information in a service organization, such as a SaaS provider. It is designed to audit the SaaS provider in areas that
include risks, controls, security, confidentiality and availability associated with outsourcing services.
Acumatica initially completed SOC 1 and SOC 2 audits in October of 2016. Find out more about AICPA SOC audits and reports here.
▪ Why is this important for Acumatica customers?
SOC compliance is important to SaaS customers because they are outsourcing their business applications to a service organization that
has been proven to have the resources (people, process, and technology) to safely, effectively host and maintain their applications and
data. Customers may choose to outsource the operation of their applications, but they are still responsible for establishing effective
controls over those outsourced functions. The SOC audit provides verification that a SaaS provider has the controls to monitor, assess,
and address the possible risks associated with outsourcing of applications and data. Acumatica has successfully completed the audits
for SOC 1 and SOC 2. The two audits are:
▪SOC 1 Report – User Entities’ Internal Control over Financial Reporting
▪SOC 2 Report— Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy