Security and trust

We know that availability and security are important to all our customers. That is why we at 24SevenOffice take security very seriously and we understand our responsibility towards you as a customer. Operating and protecting your data is one of our main tasks. At 24SevenOffice, we have strict guidelines that ensure you have access to your business system and your data whenever and wherever you want. To protect data, 24SevenOffice has implemented an Information Security Management System (ISMS). 24SevenOffice has based this management system on the ISO 27001 standard.

What is ISO 27001?

ISO is an abbreviation for the International Organization for Standardization, which is an organization and a term that means that processes within a company are standardized.

When you hear about a company that is ISO certified, this means that this company has a quality stamp issued by accredited auditors, which must be renewed every 3 years. The auditors have reviewed that the company meets the requirements set out in the ISO standard, so you can be confident that your supplier has control over the protection of your data in relation to confidentiality, integrity and availability. For you as a customer of such a company, this means that you do not have to ask detailed questions about whether the supplier has satisfactory control in areas such as e.g. risk assessment, internal access control, supplier control, backup routines, security in development and operation and much more. The certificate itself is proof that the supplier already satisfies these requirements.

24SevenOffice is ISO 27001 certified

24SevenOffice has completed an ISO 27001 certification and received this quality stamp. The certificate confirms that 24SevenOffice follows the highest standards in information security. Both when it comes to documentation, administration, internal routines, focus on continuous improvements and a preventive work methodology.

Availability

The principle is that 24SevenOffice must be available to you as a customer 24/7/365, with the exception of planned and notified maintenance windows for short periods at night*. In this way, 24SevenOffice offers all its customers predictability, and that maintenance affects you as a customer to the least extent possible.

The data centers where 24SevenOffice is operated are set up with high security with monitoring, access control and alarm systems. In addition, the operating environment is set up with redundancy, which means that the data is stored in more than one data center. This means that the data is even better secured in relation to any major events or disasters. The data centers where 24SevenOffice is operated are located in the Norway, in accordance with Norwegian laws or Ireland in accordance with the EU's data protection requirements (GDPR) . 24SevenOffice MRP is hosted in datacenters in US for US customers. 
* Availability follows the 24SevenOffice SLA in the Customer License Agreement

Backup

The databases are continuously backed up several times a day. 24Sevenoffice has procedures for backing up and restoring data and according to the ISO 27001 standard, this is regularly monitored and tested. In addition, backup copies are taken of servers and databases every night, and the copies are stored in physically separate locations.

Traffic between the data centers is encrypted and all backups are stored in Norway or US for 24SevenOffice MRP US customers.

Accounting data

24SevenOffice stores accounting data for tens of thousands of companies, which requires the storage of accounting documents in accordance with local laws and regulations. In addition, 24SevenOffice is a supplier to many accountants that belong to a regulated industry which in turn makes strict demands on its suppliers. 24SevenOffice is a regular participant in Regnskap Norge IT-forum, which is the Norwegian industry association's forum for accounting, payroll, tax, tax and knowledge systems. The forum shall be a place for the exchange of experiences and ideas for the benefit of the customers, that is the accountancy industry. The forum will focus on matters such as standardization, compliance with laws and regulations, influence on the authorities and the sharing of knowledge in a wide area.

Quality

24SevenOffice will satisfy its customers' demands and needs through a continuous focus on improving its processes, services and products based on:

• Customer feedback and internal evaluations
• Acquisition of the right skills and knowledge of technological developments
• Efficient deliveries at the agreed time and cost
• High service availability through stable and reliable operation
• Routines to ensure the right quality and avoid critical deviations
• Anchoring the principles for good information security and quality in the organization

Information Security

24SevenOffice's basic framework for work with information security is the following:

• Customers' valuables must be identified and handled in such a way that they are not lost, corrupted, misused or misplaced
• Processes, systems, services and products must be planned and used in such a way that their availability, integrity and confidentiality are safeguarded
• Employees must be familiar with security instructions
• Suppliers and partners must comply with 24SevenOffice's requirements for information security
• Unwanted incidents must be prevented, and lessons must be learned from incidents that occur

Information Security Policy

24SevenOffice has a separate Information Security Policy that is shared with all relevant stakeholders