The SaaS platform you can trust

The user experience for our customers is our priority, that’s why we adopt world-leading standards across our software. To protect our customers against security threats, data breaches and to prevent unauthorised access to customer data, TechnologyOne maintains a formal and comprehensive security program.

The TechnologyOne SaaS solution is unique in its approach to data management. Whilst we deliver a multi-tenanted SaaS application we isolate each customer’s database and data into a separate and completely private storage zone. This isolation provides far superior security to a shared storage and shares databases that combine data from many customers into a single place. Multi-tenanted software provides economies of scale, enabling customers to share one version of software globally, gain immediate access to the latest enhancements and security updates as they become available, without having to compromise on data security. These controls are in addition to the rich, logical security model in the application itself, which is personalised for each customer during implementation, and updated by our customers as their business changes over time.

Users access TechnologyOne SaaS via the internet, protected by Transport Layer Security (TLS) 1.2 and above. This secures network traffic from passive eavesdropping, active tampering and the forgery of network messages.

TechnologyOne has implemented proactive security measures such as perimeter defence and network intrusion detection and prevention systems, together with anomaly detections algorithms that alert team members. We also utilise a number of confidential countermeasures designed to protect our customers, and protect our service in general.

Vulnerability assessments and penetration testing of the TechnologyOne SaaS solution are evaluated and conducted on a regular basis by both TechnologyOne team members and trusted external third-party vendors. These vulnerability assessments are in addition to the secure coding practices, static code analysis and security reviews undertaken with our enterprise software.

In a Cloud first, mobile first world, we have rethought the traditional approach to backups. TechnologyOne SaaS architecture is active/active by design, which means that all data is synchronously stored in multiple locations, across multiple data centres, automatically. This approach challenges most existing procedures that revolve around backups, tape archives and expensive customer-adopted processes.

A full backup is taken weekly and stored in multiple locations across four physically isolated data centres. Database backups and transaction logs are implemented so that a database may be recovered with the loss of as few committed transactions as is commercially practicable. To ensure that we can offer the lowest recovery point objective (RPO) in the industry, we perform snapshots every 15 minutes to minimise the potential for data loss in the event of failure. Backups of the database and transaction logs are encrypted for any database which contains customer data.

Security Assertion Markup Language (SAML) is supported by the TechnologyOne SaaS solution and enables an enterprise single sign-on (SSO) environment. SAML provides a seamless, single sign-on experience between the customer’s internet connection and TechnologyOne SaaS, which incorporates the existing identity framework already in use.

TechnologyOne software enforces role-based security for authorisation. Role-based security allows customers to grant or restrict user access to functionality, business processes, reports and data.

System-to-system integration is via public web service invocations or Reports as a Service (RaaS). All of these system invocations are controlled by TechnologyOne software-based authorisations and security.

TechnologyOne recognises the importance of the performance of online technology and how personal information is collected, stored, used and disclosed. TechnologyOne is bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) set out in the Privacy Act as well as the Notifiable Data Breaches scheme (NDB), and understands the importance people place on their personal information. At TechnologyOne, we are committed to ensuring that all information collected by us is treated with the appropriate degree of privacy and confidentiality. For full details, refer to our Privacy Policy.