To guarantee the safety of its customers, NetSuite applies rigorous standards, control and monitoring systems, and a permanently dedicated security team.
NetSuite complies with a series of security standards and audits, including SOC 1, PCI-DSS and the EU-US Privacy Shield framework. In addition, NetSuite has aligned its security and risk processes with NIST (National Institute of Standards and Technology) guidance and is ISO 27000 certified.
You benefit from the most demanding certifications, which would be expensive and difficult to achieve on your own.
Your applications receive security updates through the continuous, dedicated monitoring that NetSuite performs.
Your databases are hosted in guarded facilities with access control, something unattainable or extremely expensive to maintain at your own headquarters.
Access based on Role and Disconnection due to Inactivity:
SOC 1 Type II: NetSuite provides its clients with a SOC 1 Type II audit report, carried out by independent auditors. This report, known as a Service Organization Control (SOC 1) report, is prepared in accordance with the attestation standards established by the American Institute of Certified Public Accountants and with the International Standard on Assurance Engagements 3402, "Assurance Reports on Controls at a Service Organization", issued by the International Auditing and Assurance Standards Board.
PCI DSS: In line with PCI-DSS requirements, NetSuite optionally supports 3D Secure credit card authentication, also known as Verified by Visa and MasterCard SecureCode. 3D Secure increases protection against credit card fraud. Basically, it asks buyers to create a verification key for their credit cards, or to enter the one they have already assigned.
EU-US Privacy Shield: Fundamental for the transmission of data between the European Union and the US. NetSuite adheres to the Safe Harbor Privacy Principles published by the US Department of Commerce regarding the data of individuals, subsidiaries, customers and partners from EU countries. You can verify NetSuite's adhesion to the EU-US Privacy Shield program by consulting the list of organizations at http://safeharbor.export.gov/list.aspx
Continuous Security Supervision
NetSuite uses numerous intrusion detection systems (IDS) to locate malicious traffic attempting to access its systems.
Any attempt at unauthorized access to the data centre is blocked and the connection is investigated.
Enterprise-grade antivirus software protects the software and applications from Trojans, worms and other malware.
Total Task Separation
The tasks are compartmentalized and mandatory background checks are carried out on all employees involved in operations.
The principle of least authority (POLA) applies, which means that employees have only the access authorizations necessary to carry out their tasks.
NetSuite follows a strict policy and control of physical access to its facilities, allowing unescorted access only to personnel previously authorized to work in Operations.
Proximity identification cards with photo and a biometric identification system protect against the risk of lost badges and other risks of identity theft. Badge readers are located at the main entrances and at critical points in the data centres.
The entrances have a system of locks and security arches (mantraps) that guarantee that only one verified person can enter at a time.
All perimeter doors have alarms and surveillance, and the exterior walls, doors, windows and main interior entrances are built with projectile-resistant materials endorsed by the Underwriters Laboratory (UL).
Security guards monitor the alarms, staff activity, access points, and shipments and receptions 24/7, also checking that the entry and exit protocols for people are correctly followed.
At all points of entry to the perimeter and security zones there are closed-circuit cameras with automatic tracking, in which sound, movement, changes in heat signature, or a combination of these factors, activate the camera, its focus and changes in its field of view. In addition, the video is recorded and kept so that, if necessary, the perpetrator can be identified and there is physical evidence of an intrusion.
Continuous Audits of the Performance of Data Centres
NetSuite Operations works continuously to comply with SOC 1 Type II and PCI.
The risk management procedures are based on NIST (National Institute of Standards and Technology) Special Publication 800-30 and the ISO 27000 series of standards. Periodic audits help verify that performance, processes, equipment functioning, authorization records and inventory are above average.