Sage Intacct has been in the business of accounting software for over two decades, and was one of the first cloud companies to become a major player in the cloud accounting and ERP game. In that time, they have refined their product to improve usability, simplicity, and security. Recently, the company announced that it has received SOC 2 Type II certification, an audit and certification program that strengthens their credentials and gives customers another level of trust.
Today, we would like to explore some of their previous certifications, as well as the newest one, and discuss why this is so important for customers looking to Buy with Confidence® and find secure cloud accounting and ERP software.
Sage Intacct Takes Security and Privacy Seriously
Sage Intacct has been in the business of handling financial data, easing transactions, and simplifying accounting for companies of all sizes since 1999, and knows how serious data protection is—especially in the wake of breaches. While the SOC 2 certification is the latest in the long list of certifications and successful audits, they needed to complete others in order to appease customers and ensure protection.
SSAE 18 SOC 1 Type II
Somewhat necessary documentation for companies that handle financial data, a SOC 1 Report (Service Organization Controls Report) is a report on controls at a service organization that are relevant to user entities’ internal control over financial reporting.
The SOC 1 Report was previously considered to be the standard SAS70 (or SSAE 16), complete with Type I and Type II reports, but now falls under the SSAE 18 guidance (as of May 1, 2017).
This audit is designed to prove that internal controls are in place and that customers can trust that there are monitoring activities and evidence regarding the design and operating effectiveness of controls. For more information on SOC 1, see Wipfli’s SOC Examinations Page. As a service provider and a company that relies on the trust of its customer base, Sage Intacct takes its SOC 1 reports seriously, receiving twice-annual SSAE 18 SOC 1 Type II audits.
PCI DSS Level 1 Certified
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. A requirement for any company handling credit card information and cardholder data, Level 1 is the highest compliance level (for companies handling more than 6M Visa Transactions per year).
Companies that meet Level 1 must have yearly on-site reviews by an internal auditor and a required network scan by an approved scanning vendor.
Privacy Shield Certification
In addition to SSAE 18 (SOC 1 Type II) and PCI-DSS, Sage Intacct was also certified by Privacy Shield, a US-EU and US-Switzerland agreement administered by the U.S. Department of Commerce. Allowing self-certification on August 1, 2016, the Privacy Shield program offers the following benefits for companies and users:
- Enhanced Dispute Resolution systems with additional reporting criteria.
- A US-based Privacy Ombudsperson to handle complaints regarding data access by US intelligence agencies.
- Stricter controls on onward transfer of data once outside of the European Union and Switzerland.
- Liability remaining with data controllers after the onward transfer of data to a third-party agent.
- The option for binding arbitration to handle unresolved complaints.
- Increased cooperation between the Department of Commerce and the European Commission and the Swiss Federal Data Protection and Information Commissioner, including an annual review of the program when appropriate.
While not required for companies, this is a clear sign that Sage Intacct cares about transparency and global regulations like GDPR, and takes privacy very seriously. For more on the Privacy Shield framework, view the full text, which includes principles, definitions and descriptions.
The Newest Addition: SOC 2 Type II Compliance
The AICPA has established wide-ranging criteria for handling customer data, grounded in five “trust service principles.” To achieve SOC 2 Type II, companies are required to pass the security principle, and are additionally encouraged to establish and follow strict information policies and procedures on all five, which include:
- Processing integrity
Sage Intacct’s SOC 2 Type II certification was issued by outside auditors based on the systems and processes in place. By receiving SOC 2 Type II certification, Sage Intacct has proven that our customers’ information security measures are in line with the unique parameters of today’s cloud requirements.
Going Above and Beyond: Sage Intacct Lets You Buy with Confidence
Buy with Confidence isn’t just a saying; it’s a way of life for the team at Sage Intacct, which designs and secures with the customer in mind. Every design element, every vendor relationship, and every decision the company makes is there to make your job easier and increase your ability to trust their work as they help you take your accounting to the cloud.
We welcome you to learn more about the Sage Intacct Buy with Confidence Guarantee here, and learn more about how we can help you select, implement, and operate this leading option in cloud accounting.