QuickBooks Online Security

Understanding QuickBooks Online Security and Privacy

By admin

For any business using cloud-based software, security and privacy are understandable concerns. You want assurance that your company and customer data are fully protected.

Intuit, the maker of QuickBooks Online (QBO), takes security extremely seriously. It uses industry-leading measures and protocols to keep your QBO data safe.

Here’s an overview of QBO’s security practices and technology, showing how your data stays protected:

QuickBooks Online Secure Data Centers

All QBO servers and data repositories are located in state-of-the-art data centers managed by Amazon Web Services (AWS) and Microsoft Azure.

These facilities are designed to meet the highest standards for physical security, including:

  • 24/7 monitoring and control over access
  • Video surveillance
  • Multi-factor entry requirements
  • Redundant power and environmental controls
  • Data backup systems and generators
  • Disaster recovery protections

QBO data resides behind highly secure virtual and physical perimeter walls safeguarded around the clock.

QuickBooks Online Data Encryption

Data traveling between QBO servers and workstations is encrypted using TLS (Transport Layer Security). This scrambles data, so it is unreadable and useless if intercepted.

QBO also encrypts data at rest within data centers. Even if servers were accessed without authorization, stored data would remain encrypted and inaccessible.

No QBO data is ever transmitted or stored unsecured.

Access Controls

QBO leverages role-based access controls to restrict unauthorized visibility into your data. Employees at Intuit can only access the minimum customer data needed to do their jobs.

Strict access controls prevent any improper internal data access. All Intuit employees go through background checks and security training too.

Within your QuickBooks account, you control which users have access to what data through permission settings. Access is secured at all levels.

Third-Party Audits

Intuit conducts frequent, comprehensive third-party audits of its security practices. This includes penetration testing to confirm there are no vulnerabilities hackers could exploit.

QuickBooks Online has maintained SOC 1 and SOC 2 compliance for two decades. This rigorous certification verifies effective security controls and that proper protocols are followed.

Third-party validation brings credibility to QBO’s security standards.

Patch Management

QBO developers rapidly deploy software patches and updates to fix any identified defects that could create security risks if exploited.

There is a set protocol for thorough testing before patches are applied. Updates occur outside of business hours to avoid disruptions.

Proactive patch management ensures the QBO platform stays hardened against emerging threats.

Data Integrity

Databases and servers have real-time replication to prevent data loss. If one system fails, others instantly take over to avoid any interruption in operations.

Data integrity is also enforced through:

  • Transaction validation
  • Input filtering
  • Sanitization
  • SQL injection prevention

QBO has a near-perfect track record of uninterrupted data access and zero data losses for its customers.

Disaster Recovery

While disruptions are highly unlikely due to security layers, QBO’s disaster recovery protections provide assurance that your data remains available in any worst-case scenario.

If a localized component fails, automated failover redirects traffic to backup data centers with no downtime. There is redundancy built into every layer.

Ongoing backups and hot mirroring also enable rapid restoration of servers. QuickBooks Online remains online 24/7, with your access and data intact.

Responsible Disclosure

Intuit encourages security researchers and customers to responsibly disclose any vulnerabilities discovered. This allows proactive remediation of issues before cybercriminals can exploit them.

Submit potential vulnerabilities privately through Intuit’s HackerOne page. They swiftly validate and fix any legitimate issues, often within hours, while rewarding disclosure.

Responsible disclosure enhances the overall security posture of QBO.

Dedicated Security Team

Maintaining the highest security standards requires focused expertise. That’s why Intuit employs a full-time cybersecurity team exclusively monitoring QBO defenses.

This in-house team manages the end-to-end security of the QBO platform and cloud infrastructure. Their sole job is to identify and close any gaps through technology, processes, and personnel.

Constant vigilance from security specialists provides peace of mind for your data’s protection.

Privacy by Design

Along with data security, maintaining strict privacy is a top priority. Intuit follows a “Privacy by Design” approach.

This means customer privacy is treated as a key element throughout the full software development lifecycle, from planning to design, development, testing, and deployment.

Software engineers receive mandatory privacy training. Components that fail to meet privacy standards are not launched. Privacy is never an afterthought.

Data Minimization

Intuit only collects the minimum customer data required to deliver exceptional service. They avoid the unnecessary collection of personal or sensitive data.

Strict internal data access controls limit exposure. All data is tightly secured in transit and at rest.

With minimization, QBO significantly reduces customers’ potential privacy risks.

Deletion on Request

Intuit makes it easy for customers to request the deletion of their data. Users can initiate account closure and data deletion within QBO.

Once confirmed, Intuit swiftly wipes the data from backups and other repositories. This complete removal ensures privacy when your use of QBO concludes.

Knowing that data can be purged provides further peace of mind.

GDPR Compliance

For QBO users internationally, it’s important to note that Intuit aligns with the European Union’s General Data Protection Regulation (GDPR) privacy framework.

They adhere to requirements for data processing consent, breach notification, anonymization, and cross-border data transfer. QBO helps users comply with their own GDPR obligations too.

Global privacy regulations are built into processes.

With its long track record of rock-solid security, advanced technology, responsible disclosure, third-party audits, layered defenses, and privacy focus, QuickBooks Online keeps your business data ironclad. You can feel at ease trusting QBO with your financial information.

Frequently Asked Questions

Can I control who sees my QBO data?

Yes, administrators can restrict employee access through granular user permissions. You manage which users see what data based on their role. Accountants also only see the client data you authorize.

Does QBO allow data removal upon closing my account?

Absolutely. Users can start account closure and data deletion themselves in QBO. Intuit wipes all associated backup data too. This complete removal protects your privacy when you stop using the software.
