Stringent, Certified and Audited 24/7 Security
NetSuite employs stringent round-the-clock monitoring tools, controls and policies and a dedicated tenured security team to ensure that it provides the strongest security for its customers.
NetSuite has met a host of audit and security standards including SSAE 16 (SOC 1), PCI-DSS and US-EU Safe Harbor framework. In addition, NetSuite has modeled its security and risk management processes according to National Institute of Standards and Technology (NIST) and ISO 27000 series of standards.
- Get stringent security certifications for your business applications that are otherwise expensive and onerous to achieve in-house
- Upgrade your applications security with NetSuite's continuous, dedicated security monitoring
- Enjoy security controls such as fully guarded premises and physical access management that are economically unachievable with typical in-house, on-premise deployments.
Comprehensive Security Certifications
- SSAE 16 (SOC1)/ISAE 3402 Type II: NetSuite provides an SSAE 16 (SOC1)/ISAE 3402 Type II audit report to its customers prepared by and audited by a Big Four audit firm. This report, commonly referred to as Service Organization Controls report, or SOC 1, is conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and International Standard on Assurance Engagements 3402, "Assurance Reports on Controls at a Service Organization", issued by the International Auditing and Assurance Standards Board.
- PCI DSS: In complying with PCI-DSS requirements, NetSuite offers optional 3D Secure credit card authentication—also known as Verified by Visa and MasterCard SecureCode. 3D Secure adds a higher level of credit card fraud protection. It requests shoppers to create authentication passwords for their credit cards, or requires them to enter their password if they already have one assigned
- US-EU Safe Harbor: Key for the transfer of personal data from European Union (EU) countries to the US. NetSuite adheres to the Safe Harbor Privacy Principles published by US Department of Commerce with respect to personal data about individuals in EU countries from its subsidiaries, customers and other business partners. NetSuite's participation in the US-EU Safe Harbor program can be confirmed by viewing the list of Safe Harbor organisations at http://safeharbor.export.gov/list.aspx
Continuous Security Monitoring
- NetSuite employs numerous intrusion detection systems (IDS) to identify malicious traffic attempting to access its networks
- Any unauthorised attempts to access the data center are blocked, and unauthorised connection attempts are logged and investigated
- Enterprise-grade anti-virus software guards against trojans, worms, viruses and other malware from affecting the software and applications.
Complete Separation of Duties
- Job responsibilities are separated, and mandatory employee background checks are employed at all levels of NetSuite operations
- The principle of least authority (POLA) is followed and employees are given only those privileges necessary to do their duties.
Managed Physical Access
- Stringent physical security policies and controls to allow unescorted access to pre-authorised NetSuite Operations personnel
- Photo ID proximity access cards and a biometric identification system provide assurance against lost badge risks or other attempts at impersonation. Proximity card reader devices are located at major points of entry and critical areas within the data centers
- Single-person portals and T-DAR man traps guarantee that only one person is authenticated at one time to prevent tailgating
- All perimeter doors are alarmed and monitored and all exterior perimeter walls, doors, windows and the main interior entry are constructed of materials that afford Underwriters Laboratory- (UL) rated ballistic protection.
Fully Guarded Premises
- On-premise security guards monitor all alarms, personnel activities, access points and shipping and receiving, and ensure that entry and exit procedures are correctly followed on a 24/7 basis
- CCTV video surveillance cameras with pan-tilt-zoom capabilities are located at points of entry to the collocation and other secured areas within the perimeter
- Video is monitored and stored for review for non-repudiation.
Continuous Data Center Performance Audits
- NetSuite Operations manages ongoing SAS70 Type II and PCI compliance
- Risk management is modeled after the National Institute of Standards and Technology's (NIST) special publication 800-30 and the ISO 27000 series of standards. Periodic audits help ensure that personnel performance, procedural compliance, equipment serviceability, updated authorisation records and key inventory rounds are above par.