Security

expensemanager recognises that the confidentiality, integrity, and reliability of our customers’ data are important to their business operations and our own success. We use a multifaceted approach to protect that key information and we are constantly monitoring and improving our applications, systems, and processes.

expensemanager's IT infrastructure has been designed and is managed in accordance with industry best practices and the Payment Card Industry Data Security Standard (PCI DSS) requirements.

Industry Standard Security

Data Center Security

Our network and Information Technology resources are outsourced to Amazon Web Services (AWS). Amazon Web Services operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which our IT environment operates.

AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, HIPAA, and SAS 70 Type II. The data centers have multiple layers of operational and physical security to ensure the integrity and safety of our data.

expensemanager's guest operating system, including updates and security patches, server and storage infrastructure, backup and security systems, and other associated application software are designed and managed in accordance with the Payment Card Industry Data Security Standard (PCI DSS) requirements.

Data Transfer

Your data is transferred over high-grade TLS and encrypted at rest with AES-256 in multiple layers. Encryption keys are stored separately from the data, and it is all hosted in our secure cloud infrastructure.

Access control: All access to our database containing sensitive information is restricted through programmatic methods only.


Encryption

Data in Transit

Communications between you and expensemanager are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS).

Data at Rest

Data stored by expensemanager is encrypted at rest with AES-256, and the encryption keys are stored separately from the data.


Continuous Monitoring

Testing

expensemanager has a comprehensive program to regularly test security systems and processes, which includes internal and external vulnerability scans and penetration testing as approved by the Payment Card Industry Security Standards Council.

Real Time Audit Log

We also keep a real-time audit log of all data access and changes made by administrators, customers, employees and our automated system.


High Availability Infrastructure

Redundancy

All data centers are online and serving customers; no data center is “cold.” In case of failure, automated processes move customer data traffic away from the affected area. Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

Recoverability

Data is replicated to multiple data centers to ensure its recoverability in the event of an outage. We fully test our backup systems on a systematic basis to ensure that they are functional.


Network Security

Protection

Security is provided on multiple levels: the operating system (OS) of the host platform, the virtual instance OS or guest OS, a firewall, and signed API calls. Each of these items builds on the capabilities of the others.

Architecture

Our network security architecture consists of multiple security zones of trust. Systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk.


Application Security

Testing

expensemanager uses advanced code testing tools to ensure that our code meets OWASP standards.

IP Restrictions

expensemanager accounts can be configured to allow access only from specific IP addresses.

Access Privileges and Roles

Access to data within expensemanager is governed by access rights, and can be configured to define granular access privileges.