Your Data is not secure!
Security and availability are the most critical elements in any system that contains your business data. You need the assurance that your company data is both secure and accessible. NetSuite has been developed and implemented with multiple layers of data redundancy for comprehensive security and business continuity. We embrace a three-part vision of security: availability, integrity, and confidentiality. Coupled with our business practices, you can be assured that your data is accurate, accessible and secure.
For many companies, the level of security and availability, disaster recovery, and back-up provided by a software-as-a-service provider far exceeds that which they can provide themselves.
Data Center Security
The NetSuite data center ensures security and redundancy across its operations to provide high levels of security for both the physical and electronic infrastructure of the network. The network was built to meet or exceed commercial telecommunications standards worldwide for availability, integrity and confidentiality. Security features are designed to deter, detect, and deny access to unauthorized parties.
Backup Power Systems-Uninterruptible Power Sources (UPSs)
NetSuite has designed a solution for continuous power. The UPSs are provisioned in an N+1 configuration and support all customer AC equipment. Each UPS battery system is designed to carry full load for 15 minutes without a generator. Emergency generators typically provide back-up power in less than 10 seconds and are sized to support the entire facility at maximum load.
The NetSuite data center complies with local and national earthquake codes and standard practices in all seismically classified geographical areas.
Modifications to facilities include but are not limited to the following:
- Seismic bracing for the raised floor
- Seismic bracing for cabinets
- Seismic bracing for electrical switchboards
- Seismic bracing for overhead distribution trays and troughs
- Seismic bracing for the piping and associated supports
- Redundant DC power plants that are also seismically braced
Redundant Internet Connection
The NetSuite data center has three 1 GBPS pipes, designed such that any two connections can simultaneously fail without any impact on user experience. This redundancy ensures reliable connectivity with no data transmission bottlenecks to or from the data center.
Sophisticated Sprinkler Design
The fire protection sprinkler system in the NetSuite data center is a double-interlocked pre-action system designed to provide the best security against accidental discharge of water from the sprinklers. The pre-action system interfaces with a fire alarm system. Water will discharge only from the sprinklers that have been subjected to enough heat to melt the fusible link on the water head. This fusible link is the second interlock in the system.
All of the air conditioning equipment is furnished to support typical computer room equipment. Steam generating humidifiers and electric reheat coils are provided to control humidity. The collocation room has an 18-inch access flooring system, which is dedicated for air distribution only.
Physical Access to the NetSuite Data Center
The NetSuite secure center is collocated within a guarded third-party data center. The physical structure maintains stringent physical security policies and controls to allow unescorted access to the collocation areas for pre-authorized NetSuite personnel. The first layer of security includes Photo ID proximity Access Cards. Proximity card reader devices are located at major points of entry and are used to secure critical areas within the overall data center. All perimeter doors are alarmed and monitored. Authorized customers and vendors are required to have a validated palm scan to enter the collocation area. The access control system continuously monitors and logs all entry ways. Access records are stored for reference.
On-premise security guards monitor all traffic and ensure that entry processes are correctly followed.
Photo ID Card
NetSuite operations staff members are required to provide data center-authenticated photo ID cards prior to gaining admittance to the facility.
Palm Identification System
The Palm Identification System is linked to the access card system. Once the individual swipes the card, he or she must place a hand in the palm scan for final authorization.
Portals and Man Traps
Single-person man traps guarantee that only one person is authenticated at one time to prevent “tailgating.”
The data center maintains video surveillance cameras with pan-tilt-zoom capabilities, located at points of entry to the collocation and other secured areas within the perimeter. Video is monitored and is stored for review for non-repudiation.
NetSuite provides multiple layers of data protection to ensure your business information security. NetSuite’s high levels of security stem from both the state-of-the-art secure data center and the depth in internal controls built into the NetSuite product itself. Further security is derived by the veteran staff managing the data center facilities and the NetSuite solution itself.
NetSuite’s mission is to provide the access to your data that your company relies on, so you can rest assured that your business can run continually in the face of unexpected outages or events.
Dependable access to the NetSuite system and your data is essential to your business — and we ensure that you have that access. Access to your data is a given — your data is yours, which you can export at any time. Our service level agreements include a guarantee of 99.5% uptime across the entire NetSuite family of production applications, or you can request a credit.
NetSuite’s commitment to the highest standards in business ethics assures our customers the integrity they expect, legally and personally.
PCI SSC Data Security Standards Overview
The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents.
Tools to help organizations validate their PCI DSS compliance include Self Assessment Questionnaires. The chart linked here shows some of the tools available to help organizations become PCI DSS-compliant.
For device vendors and manufacturers, the Council provides the PIN Transaction Security (PTS) requirements, which contain a single set of requirements for all personal identification number (PIN) terminals, including POS devices, encrypting PIN pads and unattended payment terminals. A list of approved PIN transaction devices can be accessed here.
To help software vendors and others develop secure payment applications, the Council maintains the Payment Application Data Security Standard (PA-DSS) and a list of Validated Payment Applications.
The Council also provides training to professional firms and individuals so that they can assist organizations with their compliance efforts. The Council maintains public resources such as lists of Qualified Security Assessors (QSAs), Payment Application Qualified Security Assessors (PA-QSAs), and Approved Scanning Vendors (ASVs). Large firms seeking to educate their employees can take advantage of the Internal Security Assessor (ISA) education program.
NetSuite Provides a SAS 70 Type II Audit Report
NetSuite provides a SAS 70 Type II audit report to its customers prepared by and audited by a Big Four audit firm. SAS 70 refers to the “Statement on Auditing Standards (SAS) No. 70, Service Organizations” and is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
Our SAS 70 audit documents that we have been through an in-depth audit of our control environment, including controls over data and network security, backup and restoration procedures, system availability and application development. The requirements of Section 404 of the Sarbanes–Oxley Act of 2002 make a SAS 70 Type II audit report essential to the process of reporting on the effectiveness of internal control over a company’s financial reporting.
You don’t own your data!
Access to Your Data
While we securely manage your information for you in our data center, it is always your data and your data alone, and you always have the ability to export your data into an IIF file (tab-delimited format recognized by various applications) or a Comma Separated Value (CSV) file from our applications. We created this export capability because we know it is important for you to have the option of retrieving your data at any time, from anywhere you want.
When the internet is down, your data isn’t available!
Service Level Agreement
We know that downtime is not an option in your business. This is one reason that our service agreement guarantees 99.5% uptime outside the scheduled service windows. We guarantee 99.5% uptime across the entire NetSuite family of production applications for all our customers. A credit is available if NetSuite does not deliver its application services with 99.5% uptime.
We provide customers a publicly available web page to display system status at all times at http://status.netsuite.com