Security & Privacy

Tax Guard is committed to establishing and maintaining an exceptional level of security for our customers.

Overview

Application Security

Logical Security

Tax Guard achieves application logical security by leveraging industry-leading security tools to enforce data protection, client data partitioning, and access controls based on the user’s security profile. All interactions between users and the application are evaluated for proper authorization before data is accessed.

Physical Security

Tax Guard’s applications are hosted within AWS data centers. Each facility operates 24x7x365 and is designed to protect operations from power failures, physical intrusions, and network outages. All data centers comply with industry standards for physical security and availability. AWS compliance includes SOC 2 Type II, ISO 27001, and many others.

Access Control

Tax Guard applications use role-based access to provide access to system resources, restricting each user to the permissions granted for a resource based on job responsibilities. Users must authenticate to Tax Guard using a valid user ID and associated password. Two-factor authentication is available to Tax Guard’s customers and required for all Tax Guard employees. Our security architecture ensures that each request to Tax Guard is accompanied by user identity credentials to ensure segregation of client data.

Password Security

Tax Guard enforces a strong password policy, requiring:

• Password length and complexity

• Password aging and history

• Account lockout after excessive failed attempts

Clients benefit from these security measures, as well as two-factor authentication to eliminate the risk of phishing and social engineering. Tax Guard follows secure credential storage best practices by storing passwords using the bcrypt (salted) hash function.

Infrastructure Security

AWS Security

Tax Guard employs the powerful tools created by AWS for network and infrastructure security. Identity and Access Management enforces access controls on users. GuardDuty performs continuous, AI-enhanced network intrusion detection. CloudWatch monitors and alerts for anomalies in the network. CloudTrail provides governance, compliance and auditing. Other tools include Route 53 for DNS, Inspector for automated security assessment, and Certificate Manager for TLS encryption and certificate rotation. Tax Guard’s AWS security policies and procedures are based on the AWS Cloud Adoption Framework Security Perspective whitepaper, available online.

Data Security in Transit and at Rest

All data is encrypted in transit and at rest using industry-leading encryption. Key management is handled using the AWS KMS service for key security and rotation.

Communication Security

All sensitive communications are encrypted using leading email encryption software. Files are shared using AWS’ fully managed SFTP service, or a dedicated data room.

Privacy

Tax Guard will never sell or distribute customer data. To support data sovereignty protection, Tax Guard data is stored exclusively in United States data centers and never transferred abroad.

Business Continuity & Disaster Recovery

Tax Guard protects all databases with AWS’ real-time automated backup system, allowing for Point-In-Time (PIT) restore. AWS’ fully managed backup service is used to ensure that all data is safely replicated across multiple availability zones at frequent intervals.

Annual Disaster Recovery exercises are performed to assure the proper working of all backup systems in the event of a disaster. A separate Business Continuity plan is also exercised annually to assure that all business operations continue normally under unforeseen circumstances. Tax Guard offers high-availability system and application status, including availability and incident updates, on our status page at http://status.tax-guard.com

Compliance

Tax Guard is committed to the security and privacy of our clients’ data. Our SOC 2 Type II report for Security and Confidentiality Trust Principles, as well as our portfolio of policies and procedures, is available upon request. Other documents available include annual penetration test results, business continuity results and disaster recovery results.

Please contact us with any questions.