InvoiceSharing Security Policy

InvoiceSharing Security Policy
Rate this post

InvoiceSharing – Last modified: January 3, 2014

InvoiceSharing (hereinafter referred to as “INVOICESHARING”) has created this Security Policy in order to demonstrate our firm’s commitment to security. The following discloses our security and accessibility policies.

Site certificate information
INVOICESHARING understands that the security of your personal information and business details is important to you. Whenever you submit personally identifiable or business identifiable information or transfer other information and documents to and from INVOICESHARING.com, you will be doing so through our secure servers.

The INVOICESHARING.com service only allows secure browsers access to the system. The browser’s “secure mode” is in place only when you are logged in to the system. You will be able to tell that you are in a secure mode when your browser displays a special icon on the lower bar of your browser window.

Every secure page (i.e. every part of the user interface) on INVOICESHARING.com has been secured with a digital certificate by Thawte DV This is shown via the “site certificate” that is resident on all secure pages. To view this certificate, click on the image of the closed lock on the bottom bar of your browser window. A small frame displaying site security information will appear. This allows you to verify the site certification authority and that you are in fact on INVOICESHARING.com or a sub-domain of INVOICESHARING.com, e.g. secure.INVOICESHARING.com.

User identification
Only the users of a InvoiceSharing-module can see the InvoiceSharing-module and access its contents. Each user selects his/her own password for INVOICESHARING.com. The users’ passwords are stored in a one-way encrypted format and are not accessible to employees of INVOICESHARING.

After entering the required registration information as a new user you will be able to access your user account immediately. The password is chosen directly as part of the registration process and not sent to you by any other means.

If you have forgotten your password, or your password is not working for some reason, you can re-establish your identity with the system as follows:

  1. Go to https://secure.invoicesharing.com/index.php?page=SignUp&action=forgotPassword
  2. Enter your registered e-mail address in the form and click “Send”.
  3. Follow the instructions in the e-mail message that is sent to you (after step 2).

A password system has been established to ensure that only you can access your personal information and InvoiceSharing-modules. The acceptable minimum password length is 8 characters long and should contain at least 2 numbers and 2 characters. We recommend that you use a random combination of letters, numbers, and cases to provide added protection (for instance: ‘Hfg#358-mZ’ would be a good password).

Each time you login to the system you will be required to authenticate your identity by entering your previously supplied username and password. Upon successful login, you are issued a unique “session id” (does not include any personally identifiable information) which allows you to remain active as long as actions are performed in the system at least once every 30 minutes, after which any further actions require you to re-enter your username and password. If an incorrect password is supplied, or if you simply forget your password, you may need to re-establish your identity following the instructions above.

After an undisclosed number of unsuccessful login attempts, you will be locked out.

Protection of information being transmitted
We use encryption technology to ensure the safe transmission of your information and documents when logged into the system. Your browser provides security by allowing us to use Secure Socket Layer (SSL) encryption up to 128-bit key length encryption when transmitting information and documents. The number of bits of secret key length varies between 40 and 128 depending on your browser’s capability. The highest available bit length is always used. All communication between your computer and INVOICESHARING applications is encrypted using SSL.
Protection of stored information
INVOICESHARING takes many measures to protect client information while it is stored, including:

  • Utilizing a firewall to protect our server farm and stored information. A firewall is a barrier to unauthorized users to prevent access to our systems.
  • Monitoring system and application activity logs to identify any unusual activity, from authorized and/or unauthorized individuals accessing our systems and/or making changes to stored information, for investigation.
  • Housing the server farm in a highly secure building to provide additional protection against unauthorized access and changes to stored information.
  • The system administration at INVOICESHARING.com has no functions allowing access to a client’s InvoiceSharing-module. It is thus impossible for employees at INVOICESHARING to access clients’ documents. INVOICESHARING has also taken special steps to ensure that only a few key people are aware of how the security system is designed and implemented.
  • All employees at INVOICESHARING are bound by a confidentiality and non-disclosure agreement prohibiting access to and dissemination of information handled by the company’s clients when using the INVOICESHARING.com Web service.

In addition to client data, some personal information is stored in our databases and in browser cookies. For a complete list of what personal and demographic information is stored at INVOICESHARING.com we refer to our Privacy Statement, which is available here

Internet connection and server architecture
The third party hosting and data center (Rackspace) provides the hardware, the datacenter environment and delivers the server hardware infrastructure to InvoiceSharing. The Rackspace offering is performed under the Rackspace Type II ISAE3402 or SOC1 Report, which is included in the SLA between InvoiceSharing and Rackspace.

This server farm consists of a range of redundant hardware components including:

  • Large bandwidth redundant Internet connections to one of the main Internet connection points and redundant routers with fail-over configuration.
  • Application and Web servers in the form of several load-balanced multi-processor servers.
  • Redundant database configuration.
  • Database server mirrored in a fail-over server, which will take over if the main server is interrupted.
  • Highly secure computer facilities with cooling systems, UPS, backup systems and fire protection.

Backup routines
INVOICESHARING has implemented the following backup routines:

  • All systems are writing their data to redundant RAID configured disks
  • All client data is simultanously written to seperate servers
  • A differential backup that saves changes made to files over the last 24 hours is performed every day. Backups are also stored on a geographically different location, to guarantee the availability in all emergencies.
  • Complete backups of systems are available both of short history as well as longer ago.
  • The encryption and inaccessibility for personnel of the client’s information is retained whenever backups are performed.
  • INVOICESHARING has implemented routines for restoring backed up data.

Accessibility

  • INVOICESHARING undertakes to provide the customer with access to the INVOICESHARING.com service as specified in detail in the InvoiceSharing Terms of Service as set forth from time to time on INVOICESHARING’s web sites. In the event of any conflict between this policy, the information on INVOICESHARING’s web sites and that which is stated on the aforementioned Terms of Service, the Terms of Service shall take precedence.
  • INVOICESHARING undertakes to adopt reasonable measures in order to ensure that the INVOICESHARING.com service is available over the Internet around the clock, seven days a week. INVOICESHARING shall be entitled to take measures that affect the aforementioned accessibility where INVOICESHARING deems such to be necessary for technical, maintenance, operational, or security reasons.
  • The customer shall be aware and acknowledges that the customer’s access to the Internet cannot be guaranteed and that INVOICESHARING shall not be liable for deficiencies in the customer’s own Internet connections.
  • In the event of defects or deficiencies attributable to INVOICESHARING, INVOICESHARING undertakes to act to rectify such defect without unreasonable delay. In the absence of intent or gross negligence by INVOICESHARING, INVOICESHARING otherwise assumes no responsibility for defects or deficiencies in the INVOICESHARING.com service. Error notification must be given by the customer in accordance with the instructions announced by INVOICESHARING from time to time and within a reasonable time of the discovery of the defect.

Changes in this policy
INVOICESHARING reserves the right to modify or amend this Security Policy at any time and for any reason. Users will be notified about changes in the Security Policy via our web sites and newsletters.

Additional information
Additional information on the Privacy Policy
Additional information on the Terms of Service

Contact information
If you have any questions about this Security Policy or any other inquiries, you can contact:
InvoiceSharing BV
Weena 690-29B
3012 CN Rotterdam
The Netherlands
+31 887 999 900

support@invoicesharing.com


No comments

Write a comment
No Comments Yet! You can be first to comment this post!

Write a Comment

Your e-mail address will not be published.
Required fields are marked*