NetSuite employs stringent round-the-clock monitoring tools, controls and policies and a dedicated tenured security team to ensure that it provides the strongest security for its customers.

NetSuite has met a host of audit and security standards including SOC 1, PCI-DSS and EU-US Privacy Shield framework. In addition, NetSuite has modeled its security and risk management processes according to National Institute of Standards and Technology (NIST) and ISO 27000 series of standards.


  • Get stringent security certifications for your business applications that are otherwise expensive and onerous to achieve in-house
  • Upgrade your applications security with NetSuite's continuous, dedicated security monitoring
  • Enjoy security controls such as fully guarded premises and physical access management that are economically unachievable with typical in-house, on-premise deployments.

Key Features

Role-Level Access and Idle Disconnect

  • SOC 1 Type II: NetSuite provides an SOC 1 Type II audit report to its customers prepared by and audited by independent third-party auditors. This report, commonly referred to as Service Organization Controls report, or SOC 1, is conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and International Standard on Assurance Engagements 3402, "Assurance Reports on Controls at a Service Organization", issued by the International Auditing and Assurance Standards Board.
  • PCI DSS: In complying with PCI-DSS requirements, NetSuite offers optional 3D Secure credit card authentication—also known as Verified by Visa and MasterCard SecureCode. 3D Secure adds a higher level of credit card fraud protection. It requests shoppers to create authentication passwords for their credit cards, or requires them to enter their password if they already have one assigned
  • EU-US Privacy Shield: Key for the transfer of personal data from European Union (EU) countries to the US. NetSuite adheres to the Safe Harbor Privacy Principles published by US Department of Commerce with respect to personal data about individuals in EU countries from its subsidiaries, customers and other business partners. NetSuite's participation in the EU-US Privacy Shield program can be confirmed by viewing the list of Safe Harbor organizations at

Continuous Security Monitoring

  • NetSuite employs numerous intrusion detection systems (IDS) to identify malicious traffic attempting to access its networks
  • Any unauthorized attempts to access the data center are blocked, and unauthorized connection attempts are logged and investigated
  • Enterprise-grade anti-virus software guards against trojans, worms, viruses and other malware from affecting the software and applications.

Complete Separation of Duties

  • Job responsibilities are separated, and mandatory employee background checks are employed at all levels of NetSuite operations
  • The principle of least authority (POLA) is followed and employees are given only those privileges necessary to do their duties.

Managed Physical Access

  • Stringent physical security policies and controls to allow unescorted access to pre-authorized NetSuite Operations personnel
  • Photo ID proximity access cards and a biometric identification system provide assurance against lost badge risks or other attempts at impersonation. Proximity card reader devices are located at major points of entry and critical areas within the data centers
  • Single-person portals and T-DAR man traps guarantee that only one person is authenticated at one time to prevent tailgating
  • All perimeter doors are alarmed and monitored and all exterior perimeter walls, doors, windows and the main interior entry are constructed of materials that afford Underwriters Laboratory (UL) rated ballistic protection.

Fully Guarded Premises

  • On-premise security guards monitor all alarms, personnel activities, access points and shipping and receiving, and ensure that entry and exit procedures are correctly followed on a 24/7 basis
  • CCTV video surveillance cameras with pan-tilt-zoom capabilities are located at points of entry to the collocation and other secured areas within the perimeter
  • Video is monitored and stored for review for non-repudiation.

Continuous Data Center Performance Audits

  • NetSuite Operations manages ongoing SOC 1 Type II and PCI compliance
  • Risk management is modeled after the National Institute of Standards and Technology's (NIST) special publication 800-30 and the ISO 27000 series of standards. Periodic audits help ensure that personnel performance, procedural compliance, equipment serviceability, updated authorization records and key inventory rounds are above par.

AICPA SOC SafeHarbor ISO 27001


Learn About OneWorld Global Business Management

Schedule a free consultation
Sales Chat

Interested in growing your business with NetSuite?

Start chat