All your mission-critical data is stored in one central and secure cloud environment. TaxModel is an ISO27001 certified SaaS company, and it applies the highest standards for data security and data privacy.
Work & collaborate in a secure environment
ISO27001 Certificate
ISO 27001 is the international standard that describes best practice for an information security management system (ISMS). Achieving accredited certification to ISO 27001 demonstrates that TaxModel is following information security best practice, backed by an independent, expert assessment of whether your data is adequately protected.
Press release:
TaxModel International picks up ISO 27001 certification
TaxModel International, the technology company specialized in standardizing tax work flows, is proud and excited to announce that it has received the ISO 27001:2017 certification from TUV Nederland, Nord Group . To hold this qualification as one of the first tax technology companies worldwide is a significant achievement for TaxModel, which develops software solutions for tax professionals by tax professionals.
The ISO 27001 certification is one of the most widely recognized and internationally accepted information security standards. Attaining it requires companies to satisfy independent auditors that the business is systematic and rigorous in its approach to managing sensitive company and customer information. It also demonstrates that good processes are in place to help avoid mistakes that may lead to security issues.
“Our clients trust us and our products to process and store their most valuable data. We are therefore, committed to the highest levels of security. In achieving the ISO 27001:2017 certification we are proud to have demonstrated that as a company we have all the necessary controls in place to ensure that this strict standard is met by our people, processes and technology”, said Hank Moonen, founder and CEO of TaxModel.
ISO 27001:2017 recognizes TaxModel’s dedication to identify, control, and eliminate security risks, ultimately certifying the security practices adopted. The standard encompasses the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the company.
“Helping our clients create and meet the quality and security controls that ultimately set them on their way to regulatory compliance with our solutions is our aim. It really was a no-brainer for TaxModel to implement an ISMS. Making sure everybody is on board, we push ourselves for a higher level of security, stability and integrity of our solutions and the services we provide on a daily basis. It reflects TaxModel’s approach to technology and compliance.”
TaxSuite Security Policy
Data Protection
All TaxSuite data is hosted on the Microsoft Azure Platform. We take advantage of all the security and privacy features Azure provides. Our team takes additional proactive measures to maintain a secure infrastructure and make sure there are always multiple backups for infrastructure disaster recovery purposes. For more specific details regarding how Microsoft Azure keeps data secure, please refer to https://azure.microsoft.com/en-us/overview/security/.
Data encryption
Data is always encrypted at rest using AES 256 and in transit using TLS 1.2. Database backups are performed at a high frequency, encrypted at rest.
https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?tabs=azure-portal
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest
Datacentre security
Azure maintains an impressive list of reports, certifications, and independent assessments to ensure complete and ongoing state-of-the-art data centre security. They have many years of experience designing, constructing, and operating large-scale data centres, making them the industry standard for security. https://docs.microsoft.com/en-us/azure/security/fundamentals/infrastructure
Can you provide the locations for your data centres?
TaxModel does not manage any of our own data centres; all data centre operations are outsourced. Primarily we rely on Microsoft Azure as our data center hosting and management partner. The selected Azure Region is West Europe. https://azure.microsoft.com/en-us/global-infrastructure/
Backups
We designed backup measures for TaxSuite in line with system recovery requirements. TaxSuite has extensive backup measures in place to ensure the continuity of our services. TaxSuite uses the backup features of Microsoft Azure SQL (Relational database service) to create automated daily backups of each SQL instance.
https://azure.microsoft.com/en-us/services/backup/#overview
Application security
All data to and from TaxSuite is sent securely over HTTPS. The initial connection is established over 2048 bit TLS, and the rest of the communication happens over 256 bit SSL. TLS and SSL are the standard technologies for keeping an internet connection secure and prevents anyone from reading and modifying any information.
Your company-specific data inside TaxSuite is kept separate through a physical separation at the data tier, meaning that our clients get their respective data sources. TaxSuite implements a shared logical layer that connects to the correct data sources based on application-level access permissions and roles you set up in your environments.
All TaxSuite data is encrypted at rest. At-rest encryption means that all our databases, files, and other stored content have their files encrypted when they’re backed up or otherwise sitting idle.
Microsoft Azure Single Sign-On (Oauth2) is available; Passwords are hashed using PBKDF2 and are salted with unique salts.
Operational security
We constantly monitor our systems. We get reports in real-time so we can instantly react in case a potential issue arises. All actions taken on production environments are monitored and logged for auditing purposes.
We constantly monitor security, performance, and availability. We run automated security testing on an ongoing basis. We prioritize, resolve, and deploy discovered security issues quickly after discovery. Because we follow Continuous Delivery and Deployment best practices, we can update TaxSuite continuously without needing a maintenance window, as updating the application does not necessarily mean downtime.
We never access your data in TaxSuite, unless required for support reasons and with your explicit permission.
Key management
TaxSuite uses the Microsoft Azure Managed Identities and Key Vaults for key management. The encryption, decryption, and key management process are inspected and verified internally by Microsoft on a regular basis as part of their existing internal validation processes.
https://docs.microsoft.com/en-us/azure/key-vault/
Want to know more about our security standards?
Schedule a meeting directly with one of our Tax Technology Specialists.
Click on the button below, enter your email address and we’ll connect you with the right person.