Data Security and Compliance
We understand how valuable our users' data is and how important it is to protect it. We therefore keep user information safe with multiple, layered security controls rather than relying on any single mechanism.
Below we list the security standards and controls TaxBandits has put in place to protect our users' data.
Compliance
-
SOC 2 Compliance
TaxBandits is a SOC 2 certified e-file provider. As SOC 2 compliance requires, our controls are audited regularly to verify that we protect user data and privacy in every aspect.
-
HIPAA Compliance
We have implemented the security measures required by the Health Insurance Portability and Accountability Act (HIPAA) to safeguard our users' Protected Health Information (PHI).
-
CCPA Compliance
We adhere to all the regulations of the California Consumer Privacy Act (CCPA) in handling the personal information (PI) of California residents.
-
PCI DSS Compliance
All payment processing tools used by TaxBandits meet PCI DSS requirements for encrypting and securely transmitting cardholder data.
Data Protection
-
Two-Factor Authentication
For two-factor authentication, users can enrol an authenticator app such as Google Authenticator, Authy by Twilio, Microsoft Authenticator, LastPass Authenticator, or 2FA Authenticator.
-
Firewall
Our firewall monitors inbound and outbound traffic and blocks suspicious or unnecessary traffic before it reaches our systems.
-
Antivirus
Our systems run antivirus software as a defence against viruses and other kinds of malicious software.
-
PII Data Security
We follow PII data security standards to keep your personal information (Social Security numbers, email addresses, phone numbers, etc.) secure.
-
Encryption - Data-at-Rest, Data-in-Motion & Data-in-Use
We encrypt user data stored in our database (data at rest) and data transmitted between networks or devices (data in motion).
Data in motion is protected with the TLS (Transport Layer Security) cryptographic protocol, the successor to SSL (Secure Sockets Layer). Transport encryption covers data only while it is travelling; data that is currently being accessed or processed (data in use) is protected by the access controls and segmentation described elsewhere on this page.
-
Database Management
To keep the database system secure and private, we perform data fragmentation, and we back up data frequently as a safeguard against unforeseen security incidents.
See how we counter any security disasters.
-
Defense In-Depth Security
We follow a defence-in-depth (DiD) approach: our users' information is guarded by multiple independent layers of security mechanisms and controls, so that no single failure exposes the database.
-
Oracle Cloud Infrastructure Security
Our database runs on Oracle Cloud Infrastructure (OCI) and is protected by its security services, and our servers are protected by OCI Compute security controls. Through application segmentation, sensitive data in our database is isolated from other workloads.
Each cloud instance has its own dedicated allowlist, so only specific, approved sources can communicate with that instance.
-
Data Loss Prevention
Data Loss Prevention (DLP) controls are in place to prevent the loss of sensitive data and its exfiltration from our systems.
Network Security
-
Secure Remote Access - VPN
Access to all our servers, data, and tools is restricted to authorized SPAN corporate personnel connected through our secure VPN. In addition, only IP addresses from geographic locations we have explicitly authorized can reach our network.
-
Wireless Security
To preserve the confidentiality of our data, access to our systems from unauthorized wireless networks is blocked.
-
Perimeter Security - WAF for Application
Our Web Application Firewall (WAF) inspects traffic to our application and filters out suspicious and malicious requests before they reach the application.
-
Internet URL Filtering
To keep threats out of our environment, access to websites known to host potentially malicious content (e.g. phishing pages) is blocked throughout our network.
Preventive Measures
-
Secure Software Development - DevSecOps
We follow a DevSecOps approach and secure software development practices, so that security requirements are built into each stage of the software development lifecycle rather than checked only at the end.
-
Threat Modeling
We identify potential threats and vulnerabilities during the design and development of our application, and plan mitigations for them before the code ships.
-
API Security
Because APIs can expose sensitive data, we maintain a dedicated security checklist for our APIs. This helps us identify and eliminate potential security vulnerabilities in our API endpoints.
-
Incident Management
TaxBandits is prepared to respond promptly to unexpected security incidents. When a security issue arises, we analyze it and take immediate action so that our users remain unaffected.
-
Change Management
We do not leave room for security issues that application changes or other software updates might introduce: we have countermeasures in place to ensure that such changes have minimal impact on our data and services.
Security Standards
-
Security Policies
We have clearly defined security policies, and we adhere to them in our day-to-day practices and in all activities that involve data.
-
Security Awareness Training
Everyone at TaxBandits has a clear understanding of data security, and we keep up with new technologies and security mechanisms to counter emerging threats.
-
Robust Architecture and Design
We maintain documented workflows and models that depict our security framework and define how each of our security methodologies and standards is implemented and managed over time.
-
Escalation Matrix
For each escalation level, the responsible personnel and the notification procedures for security incidents are clearly defined and followed. When an incident is escalated, the responsible personnel at each level take the necessary actions.
Security Evaluation
-
Penetration Testing
Our security engineering team regularly runs simulated cyber attacks against our application and database to test the effectiveness of the security mechanisms and technologies we have implemented.
-
Monitoring and Response
We continuously monitor our network and application to identify potential security threats. When a threat is identified, we analyze the event logs and respond with measures to neutralize it.
-
Windows/Server Hardening
We apply a sequence of server hardening steps to eliminate potentially vulnerable points in our servers that an attacker could exploit.