1. Introduction
    • We are committed to safeguarding all manner of data, including the personal data of our clients and employees, when delivering services to our clients. In this policy, we explain how we achieve this.
    • In the context of the business, Trekim Business Accounting is a joint controller of customer data with at least two of the service providers named below. In many but not all cases, Trekim Business Accounting clients will have initiated accounts with at least two of the three service providers below prior to having engaged the services of Trekim Business Accounting.
  2. Infrastructure & Preventive Measures
    • Trekim Business Accounting infrastructure is provided by the companies named below. Access to the cloud service platforms is achieved through internet access at the Trekim Business Accounting offices via a service agreement with their internet service provider.
    • Trekim Business Accounting also utilises the services of an IT Company to ensure that all the in-house systems are maintained to financial industry standards.
    • All in-house computer systems have anti-virus, anti-malware, anti-ransomware and firewall systems installed.
    • All in-house systems are regularly scanned for infections. If and when an infection is found, appropriate steps are taken to cleanse the machine of infection.
    • As all customer services are undertaken in a cloud environment provided by one or more of the named service providers below, very little to no customer data is held on local computer systems.
    • The business cyber-infrastructure is provided by the three companies listed below. Each of the companies listed has won independent awards for the services it provides. Xero and Receipt Bank have been designed with “security by design and default” principles at the forefront of operational processes and procedures, guaranteeing compliance with Articles 35 & 36 of the GDPR and the UK Data Protection Bill and general business “Best Practice”. To this end:
      • The servers are housed in data centres provided by our three main service providers:
        • Xero
        • Receipt Bank
        • Autoentry
        • Accountancy Manager
        • Brightpay and Payroll Manager for payroll and CIS
        • Dropbox
        • Google Drive
  3. Xero Privacy Policy & Cyber Security Measures

3.1.  Protecting your data

  • We’re committed to the security of our customers’ data and provide multiple layers of protection for the personal and financial information you trust to Xero.
  • You control access
    • As a Xero customer you have the flexibility to invite unlimited users into your account to collaborate on your data, and the person that holds the subscription has control over who has access and what they are able to do. Our customer support staff cannot access your information unless you invite them to help. Please see our privacy policy for further information.
  • User authentication
    • We provide standard access to the Xero software through a login and password. In addition we offer the option of using two-step authentication. This provides a second level of security for your Xero account. It means you’re also asked to enter a unique code generated by a separate authenticator app on your smartphone. We recommend you use two-step authentication as it reduces the risk of your Xero account being accessed if your password is compromised.
  • Data encryption
    • We encrypt all data that goes between you and Xero using industry-standard TLS (Transport Layer Security), protecting your personal and financial data. Your data is also encrypted at rest when it is stored on our servers, and encrypted when we transfer it between data centres for backup and replication.
  • Network protection
    • Xero takes a “defence in depth” approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. Xero’s security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.
  • Secure datacentres
    • Xero’s servers are located within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits. Xero maintains multiple geographically separated data replicas and hosting environments to minimise the risk of data loss or outages.
  • Security monitoring
    • Xero’s Security team continuously monitors security systems, event logs, notifications and alerts from all systems to identify and manage threats.

3.8. Security assurance

  • Xero has produced a Service Organization Control (SOC 2) report. The report is the result of an independent auditor’s examination of Xero’s cloud based accounting system relevant to the Trust Services Principles and Criteria for Security, Availability, and Confidentiality.
  • If you have questions, or would like to request the latest available SOC 2 report, please complete this request form and a Xero Customer Experience representative will contact you.
  • Best in class availability
    • With a record of 99.97% uptime, Xero delivers best-in-class availability. We use multiple redundancy technologies for our hardware, networks, data centres and infrastructure. These ensure that if any component fails, Xero will keep on running – with little or no disruption to your service.
  • Built to perform at scale
    • Xero has been designed to grow with your business. Our high performance servers, networks and infrastructure ensure we can deliver quality service to you and our hundreds of thousands of other users.
  • Disaster recovery and readiness
    • Xero performs real-time data replication between our geographically diverse, protected facilities, to ensure your data is available and safely stored. This means that should even an unlikely event occur, such as an entire hosting facility failure, we can switch over quickly to a backup site to keep Xero and your business running. We transmit data securely, across encrypted links.
  • Constant updates and innovation
    • We’re constantly enhancing Xero, delivering new features and performance improvements. Updates are delivered frequently, with the majority of them being delivered without interrupting our service and disrupting users.

3.13. Your online safety

  • We design security into Xero from the ground up.
  4. Receipt Bank
    • Used by thousands of businesses, accountants and bookkeeping firms across the world, Receipt Bank integrates with world-leading accounting software service providers such as Sage, Xero, FreshBooks,
    • Clients’ accounting data is saved across multiple data centres to make it less prone to malicious hacks, and the physical servers are protected both by online security systems and real-world security safeguards on the ground at the data centre.
    • What’s more, there are backups built into these networks – if one site goes down your data is saved somewhere else.
    • Military grade security protects their accounts
      • All data will be encrypted using the industry-standard TLS (Transport Layer Security) encryption technology. Accounts are no longer sat on an office server or on an easily stolen laptop: data is backed up automatically to cloud servers with true military grade protection.
    • Software is always the latest version
      • Logging into cloud software from a browser means clients will always be using the most up-to-date version of the software. That means no updates to download, no fixes to install and security settings that are always 100% current and targeted to resolve any known threats.
    • Receipt Bank have dedicated security teams keeping their software fighting-fit.
  5. Accountancy Manager
    • Accountancy Manager utilises similar systems and standards as both Xero and Receipt Bank – https://www.accountancymanager.co.uk/security
  6. Mandatory Reporting
    • Trekim Business Accounting relies on the security measures and procedures of its named service providers. To this end, all three providers have systems in place to be able to notify Trekim in the event that they experience a data breach, so that Trekim Business Accounting can notify their clients.
    • In addition, each of the Trekim clients will be customers of Receipt Bank and either Xero or Accountancy Manager, so as well as being notified of any data breach issues as they arise by Trekim Business Accounting, they will also be notified by their chosen service providers.