Data Security and Compliance
Securing your Data is our Highest Priority
Our team understands how important data security is to our clients. To provide the highest standard of data security, we take a layered approach to secure data and implement various proven methodologies.
Here is a complete overview of the security standards and protocols Tax990 has in place to safeguard our client’s data.
Compliance
SOC 2 Compliance
Tax990 is a SOC 2 certified e-file provider. As required by SOC 2 compliance, we undergo regular audits to ensure that we protect our user data and privacy at every stage.
CCPA Compliance
We adhere to all the regulations of the California Consumer Privacy Act (CCPA) when handling the personal information (PI) of California residents.
PCI DSS Compliance
All the payment processing tools used by Tax990 adhere to PCI-compliance requirements for encrypting and securely transmitting credit card information.
Data Protection
Multi-factor Authentication
Add another layer of security to your account with the multi-factor authentication feature. It requires you to verify your identity by entering a unique one-time code sent to you each time you sign in.
Firewall
Our firewall monitors traffic and blocks any suspicious or unnecessary connections from reaching the system.
Antivirus
Our system is protected by antivirus software that serves as a powerful defense mechanism against viruses and other types of malicious software.
PII Data Security
We follow the PII data security standards that apply to us to ensure that your personal information (Social Security numbers, email addresses, phone numbers, etc.) is secure.
Encryption - Data-at-Rest, Data-in-Motion & Data-in-Use
All client data that is stored in our database (data at rest) or transferred between networks or devices (data in motion) is encrypted.
We use the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) cryptographic protocols to encrypt data that is currently being accessed or read (data in use).
Database Management
To maintain the security and privacy of the database system, we perform data fragmentation. We frequently carry out data backups as a preventive measure against any unforeseen security incidents.
Defense In-Depth Security
A Defense In-Depth (DID) security approach is used to guard client information across our database. This means multiple layers of security mechanisms and controls, so that no single control is relied on alone.
Oracle Cloud Infrastructure Security
Our database is maintained through Oracle Cloud Infrastructure Security, and our servers are under Compute Security protection. Through application segmentation, all the sensitive data in our database remains isolated and unbreachable.
A dedicated whitelist is associated with each individual instance in the cloud, allowing only specific approved sources to communicate with that instance.
Data Loss Prevention
Data Loss Prevention (DLP) practices are carried out to prevent the loss of sensitive data and its exfiltration from our system.
Network Security
Secure Remote Access - VPN
Access to all our servers, data, and tools is restricted to authorized SPAN corporate personnel who are connected through our secure VPN network. Only IP addresses from the select geographical locations that we have authorized can access our network.
Wireless Security
Access to our system through any unauthorized wireless network is restricted to protect the confidentiality of all our data.
Perimeter Security - WAF for Application
Our Web Application Firewall (WAF) inspects the traffic to our application and filters out anything that is suspicious or malicious.
Internet URL Filtering
To prevent security threats from entering our system, access to websites that contain potentially malicious content (e.g., phishing pages) is restricted throughout our network.
Preventive Measures
Secure Software Development - DevSecOps
We rely on the DevSecOps approach and follow secure software development practices to ensure that our application meets its security requirements at each stage of software development.
Threat Modeling
By identifying potential security threats and vulnerabilities early in the development of our application, we formulate strategies to eliminate or mitigate them.
API Security
Because APIs can expose sensitive data, we maintain a designated security checklist for our APIs. This helps us identify and eliminate potential security vulnerabilities in our API endpoints.
Incident Management
Tax990 is prepared to address any unforeseen or unexpected security incident with an immediate response. In the event of an incident, our team will take urgent action so that our clients are unaffected.
Change Management
We don't leave any room for security issues that may arise from changes to our application or other software updates. We have various countermeasures in place to make sure that our data and services are minimally impacted by any such changes.
Security Standards
Security Policies
We have clearly defined policies in place to ensure maximum data security. We adhere to these policies in all day-to-day practices and activities related to data.
Security Awareness Training
The Tax990 team has a clear understanding of data security. We continuously educate ourselves on new technologies and security mechanisms to counter any unforeseen threats.
Robust Architecture and Design
We have streamlined workflows and models that describe our security framework, defining the implementation and ongoing management of all our security methodologies and standards.
Escalation Matrix
The responsible personnel and notification procedures for each escalation level in the event of a security incident are clearly defined and followed. When an incident is escalated, the responsible personnel take the necessary actions at each level.
Security Evaluation
Penetration Testing
Our security engineering team frequently carries out simulated cyber attacks against our application and database to test the effectiveness of all the security mechanisms and technologies we have implemented.
Monitoring and Response
Our network and application are constantly monitored to identify potential security threats. When such a threat is identified, we perform event log analysis and respond with proactive measures to neutralize it.
Windows/Server Hardening
We perform a sequence of server hardening steps to eliminate potential points of attack on our servers.