Security

We care about your data security as much as you do. From Tesorio’s back-end architecture to user logins, we go above and beyond industry standards to protect your sensitive information.

Infrastructure Security

• Our data centers are hosted on Amazon Web Services (AWS) which are accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).
• Our database is encrypted at rest using industry-grade AES-256, block-level storage encryption.
• Sensitive fields (such as Tax ID No.) are encrypted in the database using a Symmetric-key Algorithm.
• Continuous Protection ensures that we keep our data safe from any database failures.
• All communication is encrypted via 2048-bit SSL.
• To securely transfer files, Tesorio uses SFTP or FTPS servers.

Account Security

• All login attempts are logged and monitored.
• After 4 failed login attempts, a user is locked out until we verify if there was malicious intent.
• Single-Sign On (SSO) and Two-Factor Auth available for enhanced authentication security.
• Tesorio routinely checks and gets alerted for malicious & suspicious activity.
• Registered suppliers go through email verification and account-level verification. We also require sophisticated passwords to enhance account security.
• Tesorio uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by  NIST  

(National Institute of Standards and Technology). All passwords are hashed and salted with 10,000+ iterations for complete security.

NetSuite Security

• Tesorio is BFN (“Built for NetSuite”) Certified. See SuiteApp listing.
• BFN certification entails a full technical and security audit by Netsuite, which confirms that Tesorio “meet[s] the same level of standards for security, data privacy and overall quality as the solutions offered by NetSuite.” See  BFN Overview.