As a company, it can be intimidating to know that important data such as financials, personal employee information, and sensitive company details are all stored in NetSuite. This often leads to the question: how secure is NetSuite? Key NetSuite security features include SOC 1, SOC 2, PCI-DSS, and the EU-US Privacy Shield framework. But what do these mean? In this blog post, TAC will explain the security measures NetSuite takes to ensure your data is protected, along with the settings you configure as an administrator to protect your environment.
Key NetSuite Security Features
SOC1 Type II:
A SOC1 Type II report, also known as a “Report on Management’s Description of a Service Organization’s System and the Suitability of the Design and Operating Effectiveness of Controls” or simply “SOC1”, is an audit report prepared by independent third-party auditors that NetSuite provides to its customers. A SOC1 report attests that important company financial information is stored securely. The report follows standards set by the American Institute of Certified Public Accountants (AICPA) and the International Standard on Assurance Engagements 3402 (ISAE 3402). While a Type I report focuses on the design of internal financial controls at a point in time, a Type II report also covers the operating effectiveness of those controls over a specific period.
SOC2 Type II:
SOC2 reports are designed for companies that handle or store client information. They provide assurance that customer data is safeguarded from unauthorized access, and that security incidents and anomalies are detected across the entire NetSuite system. The Type II report covers both the design and the operating effectiveness of these controls and is likewise prepared by a third-party auditor to ensure security and reliability.
PCI DSS:
ISO 27001:
ISO 27001:2013 is a global standard for information security management systems (ISMS). The NetSuite service’s ISMS is ISO 27001 certified. This certification attests to NetSuite’s compliance with the standard and to the existence of established procedures for upholding the security of customer information.
How Can You Help Keep NetSuite Secure?
Setting up 2FA
Enabling 2FA for high-clearance roles is critical to securing your company’s NetSuite environment.
On the role level, you can enable 2FA for any customized role. It is essential to consider which roles have high-level access to transactions and financial reports when enabling 2FA.
With 2FA enabled, users will be prompted to set up 2FA the first time they log in. Users configure their own 2FA settings and can choose which authenticator to use.
When a user logs in, they enter their login credentials along with a verification code: a string of randomly generated digits that changes at a fixed interval. This additional layer of security means that even if a user’s password is compromised, 2FA still requires the user’s mobile device for verification, providing an extra layer of protection for your NetSuite environment.
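To make concrete how a verification code that “changes at an interval” works, here is an added example (not code from the original post, and not NetSuite’s own implementation) of a time-based one-time password check in the style of RFC 6238 TOTP. It assumes the authenticator app generates standard 6-digit SHA-1 TOTP codes on a 30-second step; the shared secret below is the RFC test key, used only so the result is reproducible.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer, reduced to `digits` digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: the counter is the number of `step`-second intervals
    since the Unix epoch, so the code changes every `step` seconds."""
    return hotp(key, at // step, digits)


def verify_totp(key: bytes, submitted: str, at: int,
                step: int = 30, window: int = 1) -> bool:
    """Accept the submitted code if it matches the current interval or one
    interval either side (tolerates small clock drift between the server and
    the user's phone). The comparison is constant-time."""
    for drift in range(-window, window + 1):
        expected = totp(key, at + drift * step, step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


# Constructed demo secret: the ASCII test key from RFC 4226 / RFC 6238.
DEMO_KEY = b"12345678901234567890"

if __name__ == "__main__":
    # Codes for two consecutive 30-second intervals differ.
    print(totp(DEMO_KEY, 59), totp(DEMO_KEY, 90))
    # A code captured along with a password is useless a minute later.
    print(verify_totp(DEMO_KEY, totp(DEMO_KEY, 59), 59))
    print(verify_totp(DEMO_KEY, totp(DEMO_KEY, 59), 59 + 120))
```

The last two calls illustrate the point in the text: possessing the password plus a stale code is not enough, because the code is bound to the current time interval and the device holding the secret.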
Managing Password Policy
As a NetSuite administrator, you have the ability to set password policy settings under General Preferences in your environment. When configuring a password policy for your company, you choose one of three levels.
Password Policy
Here, you have three options to select from:
- Weak - This requires passwords to be only six characters long and has no stipulations on character type.
- Medium - This requires passwords to be eight characters long and requires two different character types.
- Strong - This requires passwords to be at least ten characters long and it must include three different character types; it is the recommended option to ensure the highest level of security for users.
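As an added illustration of how the three levels differ (this is example code written for this post, not NetSuite’s validator), the following checks a candidate password against the length and character-type rules listed above. It assumes that the “character types” counted are lowercase letters, uppercase letters, digits, and symbols, and that the Weak level requires at least one type, since any password contains one.

```python
from typing import Dict, List, Set

# Length and character-type minimums as described for each policy level.
# The Weak level has no character-type rule, so it needs only one type.
POLICIES: Dict[str, Dict[str, int]] = {
    "weak": {"min_length": 6, "min_char_types": 1},
    "medium": {"min_length": 8, "min_char_types": 2},
    "strong": {"min_length": 10, "min_char_types": 3},
}


def character_types(password: str) -> Set[str]:
    """Classify each character as one of four types (an assumption about how
    NetSuite counts types) and return the set of types present."""
    types: Set[str] = set()
    for ch in password:
        if ch.islower():
            types.add("lowercase")
        elif ch.isupper():
            types.add("uppercase")
        elif ch.isdigit():
            types.add("digit")
        else:
            types.add("symbol")
    return types


def check_password(password: str, policy: str) -> List[str]:
    """Return the list of rules the password violates under `policy`;
    an empty list means the password is acceptable."""
    rules = POLICIES[policy]
    problems: List[str] = []
    if len(password) < rules["min_length"]:
        problems.append(
            f"too short: {len(password)} < {rules['min_length']} characters"
        )
    types = character_types(password)
    if len(types) < rules["min_char_types"]:
        problems.append(
            f"too few character types: {len(types)} < {rules['min_char_types']}"
        )
    return problems


def strongest_policy_satisfied(password: str) -> str:
    """Name the strictest level the password would pass, or 'none'."""
    for level in ("strong", "medium", "weak"):
        if not check_password(password, level):
            return level
    return "none"


if __name__ == "__main__":
    # Constructed sample passwords for the demo.
    for candidate in ["abcdef", "abcdef12", "Abcdef1234", "Ab1!"]:
        print(f"{candidate!r}: passes up to {strongest_policy_satisfied(candidate)}")
```

Running the same candidate through all three levels shows why Strong is the recommended setting: a ten-character password drawn from three character classes resists guessing far better than six characters of a single class.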