Security and Compliance

Security and Compliance Treaty

To safeguard our clients and their information, AuditorsDesk has adopted a formal data security management program that governs software development, infrastructure operation, administration, and delivery of the AuditorsDesk application. These security programs, along with a broad control environment, are aligned with and routinely assessed against industry-standard frameworks such as NIST 800-53, ISO 27001, SSAE-18 SOC 2, Cloud Security Alliance STAR, and HIPAA. The AuditorsDesk application is hosted exclusively on AWS cloud infrastructure that meets FedRAMP Moderate impact compliance requirements.

We Comply with GDPR

AuditorsDesk complies with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) with respect to the collection, use, and retention of personal data. For further details, see the AuditorsDesk Privacy Policy.

Encryption

Auditors Desk uses enterprise-grade security and administrative controls. All data is encrypted at rest and in transit. This protects data in three key ways. Authentication ensures that you are communicating with us and prevents another computer from impersonating AuditorsDesk. Encryption scrambles transferred data so that it cannot be read by unauthorized parties. Data integrity verifies that the information you send to Auditors Desk is not altered during the transfer: the system detects if data was added or deleted after you sent the message, and if any tampering has occurred, the connection is dropped.

Data Storage and Disaster Recovery Systems

Full backups run nightly. All data is replicated to at least three physically separate data centers.
Also have successfully completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls 1 (SOC 1), Type 2 report, published under both the SSAE 16 and the ISAE 3402 professional standards, as well as a Service Organization Controls 2 (SOC 2) report. In addition, has achieved ISO 27001 certification, and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). Has obtained a favorable unbiased opinion from its independent auditors. SAS70 certifies that a service organization has had an in-depth audit of its controls (including control objectives and control activities), which in this case relates to operational performance and security to safeguard customer data. To learn more about our security and compliance, please reach out to us.

Enterprise, Government, and Defense

Auditors Desk supports Single Sign-on (SSO), SAML, Active Directory (AD), and LDAP. We have partnerships with OneLogin and Okta. Auditors Desk also offers SIPRNet/NIPRNet deployments and CAC/PIV authentication for government entities and defense contractors.

Hosted Over AWS 

  • Trusted by Millions
    AWS is trusted by a huge number of organizations around the world, who
    depend on its broad and integrated native security controls.
  • With You Everywhere
    All functionality is accessible from a web browser, and any modern browser is compatible.
  • Redundancy
    Servers are replicated and load-balanced across data centers and regions.
  • Physical Security
    AWS data centers use biometric entry authentication and have round-the-clock surveillance.

Controlled By You

  • Single Sign-On
    Use industry-standard SAML 2.0 to integrate your corporate directory or identity providers such as Active Directory, OneLogin, Okta, and many others.
  • Two-Factor Authentication
    Require users to authenticate with phone-based one-time passwords (OTP) as a second factor.
  • Strong Authentication
    Customize password strength requirements, password reuse policies, and failed login attempt limits.
  • Precise Authorization
    Use out-of-the-box role-based permissions or create custom roles to restrict what can be viewed and edited, down to the field level.
  • IP Restrictions
    Limit which networks can access the AuditBoard application.

Protect Your Identity

  • End-to-End Encryption
    TLS 1.2 encryption protects customer data wherever it is transferred.
  • Secure Deletion
    NIST-compliant data sanitization methods are used to securely delete data that has reached the end of its useful life.
  • Data Integrity
    Your data is protected from loss, manipulation, or corruption by cryptographic hashing controls that enforce versioning and provide secure transactional capabilities.
  • Storage Encryption
    All customer files, databases, and backups are AES-256 bit encrypted before being written to permanent disk storage.

Audit Trails

  • Strictly Monitored
    All platform components are closely monitored to ensure performance, availability, and security.
  • Audit Review Logs
    Every data change made in the system is recorded against the authenticated user.
  • Login History
    Every successful or failed attempt to access your AuditBoard instance is recorded and visible.