Security

We care about your data security as much as you do. From Tesorio’s back-end architecture to user logins, we go above and beyond industry standards to protect your sensitive information.

Infrastructure Security

  1. Our data centers are hosted on Amazon Web Services (AWS) which are accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).
  2. Our database is encrypted at rest using industry-grade AES-256, block-level storage encryption.
  3. Sensitive fields (such as Tax ID No.) are encrypted in the database using a Symmetric-key Algorithm.
  4. Continuous Protection ensures that we keep our data safe from any database failures.
  5. All communication is encrypted via 2048-bit SSL.
  6. To securely transfer files, Tesorio uses SFTP or FTPS servers.

Account Security

  1. All login attempts are logged and monitored.
  2. After 4 failed login attempts, a user is locked out until we verify if there was malicious intent.
  3. Single-Sign On (SSO) and Two-Factor Auth available for enhanced authentication security.
  4. Tesorio routinely checks and gets alerted for malicious & suspicious activity.
  5. Registered suppliers go through email verification and account-level verification. We also require sophisticated passwords to enhance account security.
  6. Tesorio uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST(National Institute of Standards and Technology). All passwords are hashed and salted with 10,000+ iterations for complete security.

NetSuite Security

  1. Tesorio is BFN (“Built for NetSuite”) Certified. See SuiteApp listing.
  2. BFN certification entails a full technical and security audit by Netsuite, which confirms that Tesorio “meet[s] the same level of standards for security, data privacy and overall quality as the solutions offered by NetSuite.” See BFN Overview.

Further Information

Tesorio’s data centers are hosted on Amazon Web Services through Heroku’s platform. For further information on their security standards, see links below: