Our security strategy involves the following components
We have an Information Security Management System (ISMS) in place which takes into account our security objectives and the risks and mitigations concerning all the interested parties. We employ stern policies and procedures encompassing the security, availability, processing, integrity, and confidentiality of customer data.
Each employee subject to background check process. We hire reputed external agencies to do this check on our behalf. We do this to authenticate their criminal records, previous employment records if any, and educational background. Until this check is done, the employee is not assigned tasks that may pose risks to users.
Every employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they go through training in information security, privacy, and compliance. Furthermore, we asses their understanding through tests and quizzes to determine which topics they require further training in. We give training on specific aspects of security, that they may require based on their roles.
We have dedicated security and privacy teams that executes and manage our security and privacy programs. They engineer and preserve our defence systems, develop review processes for security, and continuously monitor our networks to discover suspicious activity. They offered domain-specific consulting services and guidance to our engineering teams.
We have a dedicated compliance team to review procedures and policies in Agenter books to align them with standards, and to determine what controls, processes, and systems are required to meet the standards. This team also does regular internal audits and facilitates independent audits and assessments by third parties. For more queries, check out our compliance portfolio.
Workstations issued to Agenter employees run up-to-date OS version and are configured with anti-virus software. They are configured such that they comply with our standards for security, which need all workstations to be properly configured, patched, and be tracked and monitored by agenter books endpoint management solutions. These workstations are secured through as they are configured to encrypt data at rest, have secured passwords, and get locked when they are idle. Mobile devices utilized for business purposes are enrolled in the mobile device management system to ensure they meet up with our security standards.
We control access to our asset (buildings, infrastructure and facilities), where accessing includes consumption, entry, and utilization, with the help of access cards. We give employees, contractors, vendors, and visitors with separate access cards that only allow access strictly specific to the purpose of their entrance into the premises. Human Resource (HR) team establishes and keep up the purposes specific to roles. We keep up access logs to spot and address anomalies.
At our Data Centres, a co area provider takes the responsibility of the building, cooling, power, and physical security, while we give the servers and storage. Access to the Data Centres is limited to a small group of allowed personnel. Any other access is raised as a ticket and permited only after the approval of respective managers. Additional two-factor authentication and biometric authentication are needed to enter the premises. Access logs, activity records, and camera footage are available in case an incident happens.
We observe all arrival and exit movements throughout our premises in all our business centres and data centres through CCTV cameras deployed according to local regulations. Back-up footage is available up to a specific period, depending on the requirements for that location.
Our network security and monitoring techniques are designed to deliver multiple layers of protection and defence. We use firewalls to block our network from unapproved access and undesirable traffic. Our systems are segmented into separate networks to secure sensitive data. Systems supporting testing and development activities are hosted in a separate network from systems supporting Agenter books production infrastructure.
Every component on our platform is redundant..It avoids spot failures in the internal network. We utilize a distributed grid architecture to shield our system and services from the effects of possible server failures. If there's a server failure, users can carry on as usual because their data and Agenter books services will still be available to them. We additionally utilize multiple switches, routers, and security gateways to ensure device-level redundancy. This prevents single-point failures in the internal network.
We utilize technologies from well-established and trustworthy service donors to block DDoS attacks on our servers. These technologies offer multiple DDoS mitigation capabilities to block disruptions caused by bad traffic while allowing good traffic through. This retains our websites, applications, and APIs highly available and performing.
All servers provisioned for development and testing activities are hardened (by disabling new ports and accounts, deleting default passwords, etc.). The base Operating System (OS) image has server hardening built into it, and this OS image is provisioned in the servers, to make sure consistency across servers.
Our intrusion recognition mechanism takes note of host-based signals on individual devices and network-based signals from monitoring points within our servers. Administrative access, use of confidential commands, and system calls on all servers in our production network are logged. Rules and machine intelligence built on top of this data give security engineers warnings of probable incidents. At the application layer, we have our proprietary WAF which works on both whitelist and blacklist rules.
Every change and the new feature are governed by a change management policy to ensure all application changes are authorized before implementation into production. Our Software Development Life Cycle (SDLC) mandates adherence to highly secure coding guidelines, as well as the screening of code changes for potential security issues with our code analyser tools, vulnerability scanners, and manual review processes. Our robust security framework based on OWASP standards, applied in the application layer, gives functionalities to mitigate threats such as SQL injection, Cross-site scripting and application layer DOS attacks.
Our framework distributes and keeps up the cloud space for our customers. Each customer's service data is logically divided from other customers' data using a set of secure protocols in the framework. This ensures that no customer's service data becomes approachable to another customer. The service data is saved on our servers when you use our services. Your data is owned by you, and not by Agenter books. We will not reveal this data with any third party without your consent.
In transit: All customer data transmitted to our servers over public networks are secured using strong encryption protocols. We mandate all connections to our servers utilized Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers, for all connections including web access,API access,our mobile apps, and IMAP/POP/SMTP email client access. This make sure a secure connection by allowing the authentication of both parties involved in the connection, and by encrypting data to be transferred. furthermore, for email, our services leverage opportunistic TLS by default. TLS encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol.
We hold the data in your account as long as you choose to use Agenter Books Services. Once you terminate your Agenter Books user account, your data will get removed from the active database during the next clean-up that occurs once every 6 months. The data removed from the active database will be deleted from backups after 3 months. In case of your unpaid account inactive for 120 days continously, we will terminate it after giving a notice and the option to back-up your data and information.
NoAccountant offers a single sign-on (SSO) that lets users access multiple services using the same sign-in page and authentication credentials. When you sign in to any Agenter Books service, it happens only through our integrated Identity and Access Management (IAM) service. We also support SAML for single sign-on that makes it possible for customers to integrate their company's identity provider like LDAP,ADFS when they login to Agenter Books services. SSO simplifies login process,ensures compliance, gives effective access control and reporting, and reduces the risk of password fatigue, and hence weak passwords.
It gives an extra layer of security by demanding an extra verification that the user must possess, in addition to the password. This can greatly reduce the risk of unapproved access if a user’s password is compromised. You can configure multi-factor authentication using Agenter Books One-Auth. Currently, various modes like biometric Touch ID or Face ID, Push Notification, QR code, and Time-based OTP are supported.
We employ technical access controls and internal policies to prohibit employees from randomly accessing user data. We adhere to the principles of least privilege and role-based permissions to decrease the risk of data exposure. Access to production environments is maintained by a central directory and verified using a combination of secure passwords, two-factor authentication, and passphrase-protected SSH keys. Moreover, we facilitate such access through a separate network with stricter rules and hardened devices. Furthermore, we log all the operations and audit them periodically.
We monitor and analyse information collected from services, internal traffic in our network, and usage of devices and terminals. We document this information in the form of event logs, audit logs, fault logs, administrator logs, and operator logs. These logs are automatically observed and analyzed to a reasonable extent that helps us identify anomalies such as unusual activity in employees’ accounts or attempts to access customer data. We store these logs in a protected server isolated from full system access, to manage access control centrally and make sure availability.
We have a dedicated vulnerability management process that actively scans for security risks utilizing a combination of certified third-party scanning tools and in-house tools, and with automated and manual penetration testing efforts. Moreover, our security team actively reviews inbound security reports and obsess public mailing lists, blog posts, and wikis to spot security incidents that may influence the company’s infrastructure.
We scan all user files utilizing our automated scanning system that’s designed to stop malware from being spread through Agenter Books ecosystem. Our custom anti-malware engine receives daily updates from external threat intelligence sources and scans files against blacklisted signatures and malicious patterns. Additionally, our proprietary detection engine bundled with machine learning techniques, Makes sure customer data is protected from malware.
We run incremental backups daily and weekly full backups of our databases using Agenter Books Admin Console (AC) for Agenter Books DCs. Backup data in DC is kept in the same location and encrypted using the AES-256 bit algorithm. We keep them in tar.gz format. All backed up data are retained for three months. If a customer asks for data recovery within the retention period, we will restore their data and allow secure access to it. The timeline for data restoration relies on the size of the data and the complexity involved.
We scan all user files using our automated scanning system that’s designed to stop malware from being spread through Agenter Books ecosystem. Our custom anti-malware engine receives daily updates from external threat intelligence sources and scans files against blacklisted signatures and malicious patterns. Additionally, our proprietary detection engine bundled with machine learning techniques, makes sure customer data is secured from malware.
We have a dedicated incident management team. We alert you of the incidents in our environment that apply to you, along with suitable actions that you may require to take. We track and close the incidents with proper corrective actions. Whenever applicable, we will identify, collect, acquire and deliver you with necessary evidence in the form of application and audit logs regarding incidents that apply to you. Furthermore, we implement controls to avoid the recurrence of similar situations.
It gives an additional layer of security by demanding an extra verification that the user must possess, in addition to the password. This can greatly decrease the risk of unauthorized access if a user’s password is compromised. You can configure multi-factor authentication using Agenter Books One-Auth. Currently, various modes like biometric Touch ID or Face ID, Push Notification, QR code, and Time-based OTP are supported.
A vulnerability reporting program in "Bug Bounty", to reach the community of researchers, is in place, which perceives and rewards the work of security researchers. We are committed to working with the community to verify, reproduce, respond to, legitimate, and execute appropriate solutions for the reported vulnerabilities.
If you happen to find any, please submit the issues at firstname.lastname@example.org .
We assess and qualify our vendors based on our vendor management policy. We onboard new vendors after understanding their processes for providing us servic and performing risk assessments. We take appropriate steps to make sure our security stance is kept up by establishing agreements that require the vendors to adhere to confidentiality, availability, and integrity commitments we have made to our customers. We find the effective operation of the organization’s process and security measures by conducting periodic reviews of their controls.
So far, we have discussed what we do to offer security on diverse fronts to our customers. Here are the things that you as a customer can do to make sure security from your end: