Executive Resource Group, LLC (ERG Payroll & HR) works with AccountantsWorld utilizing the Payroll Relief platform to provide payroll services and support to small businesses. Please read the below security protocols that are instituted in conjunction with AccountantsWorld to keep your data and money safe.
Data Security and Privacy
AccountantsWorld hosts your data on Amazon Web Servers – the same industry-leading IT infrastructure used by Amazon.com to run their entire business. These servers are fully secure, and comply with leading industry certifications including ISO 27001 and SAS70 Type II audits.
Ensuring the security and privacy of your and your clients’ data is paramount to us. We employ the following stringent measures to protect your data and privacy:
- All servers are secured according to industry standards.
- AccountantsWorld utilizes Amazon.com’s secure data centers. Amazon Web Servers have been SSAE 16 audited and have also received ISO 27001 certification for information security.
- All sensitive data is encrypted in transit using SSL “green-bar” digital certificates.
- All data is backed up on a regular basis and is redundantly stored.
- We will not share your data with any external party.
As a result of these stringent security measures, your documents and data files are safer with AccountantsWorld than if they were stored on your own or your clients’ in-house networks and computers.
To ensure the highest level of security and controls, we undergo comprehensive external audits which are scheduled on a regular basis. Independent audits conducted would include, but are not limited to the following;
NACHA ACH Audit – Independent audit of the policies, practices, processes and procedures as they relate to processing, originating, receiving, settling and otherwise dealing with Automated Clearing House (ACH)Transactions to ensure compliance with NACHA operating rules and requirements. This comprehensive audit is designed to validate that the appropriate controls exist from both a system and process perspective to ensure the security and integrity of all ACH transactions processed by AccountantsWorld. The purpose of this audit is to ensure that ACH transactions are handled properly to minimize potential losses and exposure to liability for AccountantsWorld and our customers. The scope of this audit would include a detailed assessment of all the people, processes and technologies associated with the handling of ACH transaction processing at AccountantsWorld.
ACH Risk Assessment – Independent review of the policies, practices, processes and procedures as they relate to processing, originating, receiving, settling and otherwise dealing with ACH Transactions and/or the ACH Network to identify threats, vulnerabilities and underlying risks to ACH Transactions and/or the ACH Network and/or the Client.
Wire Transfer Audit – Independent audit of the policies, processes and internal control structure including procedures as they relate to the origination receipt, and settlement of wires.
Wire Transfer Risk Assessment – Independent review of the policies, practices, processes, and procedures as they relate to the Wire Transfer service.
External Penetration test – External attack simulations from the internet to AccountantsWorld Hosted infrastructure at AWS, using the most common types of attacks to validate security.
Internal Penetration test – Attacks simulated on the internal network infrastructure of AccountantsWorld servers hosted at AWS, using the most common types of attacks.
Application Penetration Test – Applications including Payroll relief and Accounting Power are tested with simulated attacks to validate security at the application level.
Fraud Management Program
We employ industry best practices and continuous process improvement to ensure our comprehensive fraud management program continues to stay ahead of the curve to protect your funds and personal information.
· We provide guidance on best practices to minimize your risk
· In depth knowledge of fraud trends and indicators
· Ongoing monitoring of transactional behavior to identify unusual activity
· Automated, proprietary toolset to assist with fraud prevention and monitoring
Our servers run the latest secure operating systems. All servers are configured according to industry best practices. All critical vendor-issued security updates are applied as soon as possible following their release. All access to resources is granted following the “principle of least privilege”; access is only granted to required resources. All systems are monitored 7x24x365.
All our web servers are secured using Secure Sockets Layer (SSL). Servers are assigned a Secure Certificate ID that identifies the website and enables us to use SSL for secured data transfer.
To protect your and your clients’ critical financial information while it is transmitted over the Internet, all critical information such as credit card information, password, and personal data are encrypted using 128-bit SSL “green-bar” digital certificates from GoDaddy.
For further protection, sensitive information remains encrypted while stored on our servers.
Physical security of server location
AccountantsWorld utilizes Amazon.com data centers, which are housed in multiple nondescript facilities located in Virginia. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All physical access to the data center is logged and audited routinely.
All end users and internal staff are required to have unique user names and passwords. All passwords must be at least seven characters and include alpha-numeric characters. Users are not permitted to share user names and passwords. All logins are recorded and audited.
Data stored on our systems is redundantly stored in multiple physical locations as part of normal operations. Additionally, database data is mirrored in real time to a redundant system in a separate physical location. What this means is that a single system failure will not result in a loss of any data.
Protection against viruses
All servers and workstations are protected against virus attacks by utilizing leading anti-virus software. Anti-virus definitions are automatically and continually updated.
We protect your and your clients’ privacy with utmost care. We will not share your client data with any third party except with our alliance partners, if necessary for successful implementation of any service we offer with their assistance. All our alliance partners are required to sign a contract to safeguard your and your client’s data against any unauthorized use.
Our staff does not have access to any identifiable personal information, except when it is provided by you for conducting business with us. On rare occasions we need to access data to troubleshoot a problem. With your permission, authorized AccountantsWorld support personnel may access your client’s data in a business application, but without their having access to your client’s identifiable personal information.
As a result of these stringent security measures, your and your clients’ documents and data files are safer with AccountantsWorld than if they were stored on your own or your clients’ in-house networks and computers.