Security with Intacct financial software systems

If you've used Google or Amazon, you've used a cloud application—very much like Intacct. But other than making sure your credit information is secure, you may not have thought much about how Google or Amazon protect you and your confidential information.

At Intacct, we've given it a lot of thought. You're entrusting us with your company's highly confidential business information. And we take that seriously. So seriously, that we're committed to exceeding your expectations for protecting and securing your confidential business applications and data.

We operate redundant Fortune 100-class data centers, and we've built a specific set of operational characteristics into the system that has helped to ensure the highest levels of privacy, availability, integrity, and security for our customers for more than 12 years. But there's much more. We guarantee:

• 99.8% or greater application availability is guaranteed; actual availability is much greater
• In case of major disaster, applications will be back up and running within 24 hours
• Continuous local backups plus streaming backups to remote disaster recovery center
• Last 24 hours of transactions continuously preserved in Oracle redo logs
• Maintains SSAE 16 SOC1 Type II audited processes and controls plus PCI DSS certification
• Monitors application performance and responsiveness constantly from around the world
• Monitors and manages system operations 24x7x365
• Commitment to transparency, with real-time system status always available on www.intacct.com/status

Application availability

Intacct runs in Fortune 100-class data centers in San Jose, CA, operated by Savvis, and in Sacramento, CA, operated by Herakles. These world-class data centers feature:

• 7x24x365 monitoring and operations
• Multiple fiber trunks
• Mirrored RAID storage
• Standby servers
• Redundant network components
• Redundant uninterruptable power supplies
• Parallel redundant generators
• Full application and data recovery within 24 hours in case of a major disaster

Application security

Intacct has built robust security measures directly into the application to pre-empt any attack that could jeopardize the integrity of your data. These measures include:

• Access controlled by 3-part authentication
• Password changes enforced at specified intervals
• Strict session management, including automatic session and login timeouts
• Highly granular permissions and access controls
• Optionally set acceptable IP ranges from which users may log in

System integrity and security

A system is vulnerable if it allows an unauthorized program or system to circumvent or disable security protections and access confidential information.

At the foundation of the Intacct platform is the system’s high level of system integrity. System integrity is our commitment to maintain design and development practices intended to prevent unauthorized programs, systems, and users from gaining access, or control, of key system processes and resources—and ultimately your application data. Here’s how we protect your business:

• SSAE 16 SOC1 Type II audited and PCI DSS certified
• Tightly restricted access to production data including biometric access controls
• Hardened networks and firewalls
• Real-time activity log tracking
• Automated security scanning and third party white hat penetration testing
• Virus resistance reinforced through software architecture
• Oracle database secured with advanced security
• All data transmission is encrypted with minimum 128-bit encryption

Data redundancy

Intacct provides a high-end redundant infrastructure, helping to ensure you can access information at any time of day, every day of the year.

• Built on highly reliable Oracle database infrastructure
• Full daily backups of all data to multiple locations
• Transaction data backed-up continuously
• Transaction data securely streamed to remote disaster recovery center
• Complete copies of customer applications and data are available for a nominal fee
• Customers explicitly own their own data, and may download this data at any time