Sensitive information requires the highest security

Physical Security: Hardware, data center, personnel, access, and availability
Application Security: Code, databases, and configurations
Network Security: Rules and controls for incoming and outgoing data
Privacy: Encryption, legal requirements, and access to information
Access Control: Access permissions, passwords, authorization, and encryption
Availability: Performance, availability, and redundancy
Partnership: Trust, track record, consistency

Physical Security

How does Auditi ensure physical security?

The Auditi applications are hosted solely in the DATEV eG data center. DATEV is responsible for the physical security of their infrastructure.

What kind of data center are we talking about?

The DATEV data center handles multiple petabytes of data at the highest level of security. It is ISO 27001 certified and meets the highest standards. For more information and certificates, please visit the DATEV website:
https://www.datev.de/web/de/m/ueber-datev/datenschutz/zertifikate/

Where is the data center located?

By default, our data is hosted at the DATEV data center, which is located in Nuremberg, Germany. However, in order to comply with local data residency laws, we are able to host Auditi in any country that you require. If this is something you require, please let us know during your demo!

Application Security

What is application security?

This level involves ensuring that every component of the system is secure, for example: application code, databases, configurations, and third-party libraries. It includes potential weak points inside and outside of the application.

How does Auditi ensure application security?

Application security is a team effort. When developing Auditi, security was our top priority. Our team of developers consistently carries out code reviews to ensure that only high-quality, secure code makes its way into our product. We have many manual and automated tests that measure the security of potential weak points like SQL injection, cross-site scripting, session and authentication weaknesses, and much more. In addition, we carry out regular penetration tests.

Network Security

What is network security?

Network security involves rules and controls to limit or reduce the incoming and outgoing traffic to production systems as well as the traffic within the system. It ensures that the necessary firewall rules exist and prevents attacks like malware, distributed denial of service (DDoS), as well as other potential exploits.

How does Auditi ensure network security?

Auditi monitors the system together with DATEV to detect any potential threats. We implement firewalls within our infrastructure as well as within our application to protect against internal and external threats. Additionally, we have an escalation protocol to quickly handle any problems.

Do you have technology that reduces the risk of DDoS-style attacks?

Auditi works together with DATEV to reduce the risk of DDoS-style attacks. In the event of a DDoS attack, DATEV has protocols and measures available, which reduce the effects of such an attack and ensure the system remains stable.

Data Privacy

What is data privacy?

Data privacy means making sure that your data as well as your employees' data is safe – whether inside the system or during data transmission over the network. This includes not only things like encryption, but also legal requirements like where data is located, who has access to it, and how requests to receive this data are handled.

How does Auditi ensure data privacy?

All traffic between Auditi and the user is SSL-encrypted. All communication with Auditi takes place via APIs which are verified by third-party security companies.

Auditi also relies on the strict security guidelines from DATEV as well as their certifications which provide a key element to protecting your sensitive information.

Is the data encrypted?

Communications through Auditi are encrypted.

Information sent to and from Auditi (data in transit) is encrypted using TLS, the industry leader in encryption mechanisms.

Stored data (data at rest) is also encrypted.

Where is the data hosted?

By default, all your data is stored in the DATEV eG data center in Nuremberg where the data never leaves Germany, in accordance with national regulations.

If you are required to host Auditi in a different country due to data residency laws, we are able to accommodate this on request.

Who does the data belong to and who can see it?

Clients have full ownership of their data. Auditi does not access client information or use it for any purposes other than what is legally required or for the maintenance of our applications and for providing services to our clients and end-users. We never sell, share, or use client information for marketing or advertising purposes.

There are controls in place to prevent Auditi employees from gaining access to data other than what is provided by the client. Auditi takes great measures to ensure that users outside the organization have no access to the company and that all data within an account can only be seen or edited by authorized users chosen by the client.

Do you make backups and is there a recovery process?

Yes, the DATEV data center is used for hosting as well as regular backups. This data is fully encrypted. These backups, which include all user data and system protocols, are created daily and are available to be restored for a limited time.

Access Control

What is access control?

Auditi requires password authentication and optional two-factor authentication to access the system. Once the user is in the system, they must be given permissions in order to carry out additional operations or access certain information. With permissions, you can decide who has access to what.

Does Auditi govern our security?

No. Your organization is responsible for developing suitable security guidelines for passwords and for the use of the security features provided by Auditi.

How do I manage permissions?

We created permissions so that you can decide who has access to the system and determine what they can or cannot do. More information can be found in the Auditi user documentation.

What password settings are available?

Auditi does not accept weak or commonly used passwords. You will receive a notice that your password is not allowed.

Availability

What is availability?

You want to make sure that your service provider can guarantee that all services are available when you need them. A key component of availability is ensuring redundancies for data as well as for infrastructure so that there is no single point of failure.

What does availability mean for Auditi?

Our dedicated team makes sure that our platform is ready and available whenever you need it. To offer you stable, high-availability services, we have built our system with redundant components, consistent monitoring, regularly planned integrity checks, and other similar features. We also carry out frequent backups to prevent work loss.

Partnership

What do we mean by “partnership”?

Does the provider have a strong track record of delivering high-quality, stable solutions? Do they ensure that the needs and expectations of their clients are met? Will they remain operational in the long term? Choosing the right service provider is like choosing a business partner: make sure they have earned your trust to meet the needs of your business now and in the future.

Auditi was founded in 2012 and provides software to over 250 audit firms, from single practitioners to Big 4 audit firms. You can learn more about our customers here: https://www.auditi.com/customers