Answers to 5 important IT security questions
In a digital bookkeeping system, your accounting data is in the cloud. Here are five key points about data security.
At a construction site, there are many safety regulations and requirements for those working at the site. Something similar can be said about digital systems – here there are also some requirements and recommendations we each must follow to avoid security breaches.
You can do a lot yourself to strengthen the security around IT and data. But it is also good that you demand a high security level from us as your supplier of the bookkeeping system used in the company.
In this article, you will find answers to five important questions about IT security in EG Xena. They are based on the Danish Agency for Digitization and the Danish Business Authority’s recommendations.
#1: What does EG Xena do to protect against unwanted access to your accounting data?
We have chosen a skilled partner for hosting EG Xena and all your data. The servers are in a Danish data center and protected behind a firewall. All data traffic is encrypted.
We provide a wide range of security settings to protect against unauthorized access to the system, for example two-factor authentication. If someone tries to log in with your account, it will be locked after five failed attempts.
#2: What does EG Xena do to ensure availability and high uptime?
It is our hosting partner who ensures daily backup of all data. They also do maintenance on the servers, so they are reliable. The hosting center has precise procedures to stay secure and, if necessary, restore data from backups if something is lost.
As part of our ISAE 3402 certification, we have a documented contingency plan that enters into force if there is a threat to our systems. The contingency plan is evaluated every year.
#3: Does EG Xena have documentation for security?
Yes, we do. To document that we live up to high safety standards, we have asked external security experts to evaluate our procedures and settings. With these auditor’s reports, we are certified to comply with high international safety standards.
- ISAE 3000 documents that we comply with GDPR legislation and maintain adequate data protection.
- ISAE 3402 documents that we have the emergency security procedures in place and good IT practice/ethics regarding our infrastructure and data storage.
The next renewal of the declarations is in 2023. You can find out more about our certificates on the "IT and data security" page.
#4: What does EG Xena do to protect personal data? (GDPR)
Our data processor agreement describes how we process data and which subcontractors also process data.
EG’s Data Protection Office is a department that prepares and implements procedures throughout EG’s organization. They help to prevent security breaches as well as direct what to do if an accident should happen.
All EG employees undergo mandatory training in the correct processing of personal data to prevent security breaches.
#5: What is the division of responsibility between you as a customer and us as a supplier?
As defined in the GDPR legislation, EG is a data processor. As a buyer and user of EG Xena, you are the data responsible because you handle which data enters the system and who gains access to your fiscal.
We recommend all our customers:
- Be careful with IT security. Follow best practices and official recommendations.
- Create a strong password that is unique to your access to EG Xena.
- Use our security settings such as two-factor authentication.
- Regularly review who has access to your fiscal.
We can help each other take good care of the financial data you store with us!
If you would like more information or a dialog with us about data security, please contact our support.