NetSuite Supports Best Practices for the management of your business on NetSuite and for NetSuite as a company. NetSuite has architected stable, highly-available systems with multiple layers of redundancy to provide you with unparalleled application availability and reliability. Just like the systems they protect, the processes that govern NetSuite's availability are continuously tested,
improved and maintained. Process management is governed by industry best-practices. NetSuite subjects all of its processes and procedures to regular third-party audits as part of its commitment to quality.
- SAS 70 Type II Audit Report
NetSuite provides a SAS 70 Type II audit report to its customers prepared by and audited by a Big Four audit firm. SAS 70 refers to the "Statement on Auditing Standards (SAS) No. 70, Service Organizations" and is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
Our SAS 70 audit documents that we have been through an in-depth audit of our control environment, including controls over data and network security, backup and restoration procedures, system availability and application development.
- Payment Card Industry Data Security Standards (PCI DSS)
| Both NetSuite and NetSuite Small Business comply with the Payment Card Industry's (PCI) Data Security Standards, adding stronger security parameters to assist our customers in protecting credit card numbers. NetSuite and NetSuite Small Business both provide 3D Secure credit card authentication — also know as Verified by Visa and MasterCard SecureCode. 3D Secure adds a higher level of credit card fraud protection. It requests shoppers to create authentication passwords for their credit cards, or requires them to enter their password if they have already assigned one. See current verification.
- Risk Mitigation
An effective risk management process is an important component of a successful security program. The principal goal of NetSuite's risk management process is to protect the availability of the NetSuite application. NetSuite's risk management process includes the definitions and practical guidance for assessing and mitigating risks identified within its system. NetSuite's comprehensive risk management process has been modeled after the National Institute of Standards and Technology's special publication 800-30 and is maintained in accordance with the standard.