
Operational Security


NetSuite employs stringent round-the-clock monitoring tools, controls and policies, together with a dedicated, long-tenured security team, to provide the strongest security for its customers.

NetSuite has met a host of audit and security standards, including SOC 1, SOC 2, PCI-DSS and the EU-US Privacy Shield framework. In addition, NetSuite has modeled its security and risk management processes on the National Institute of Standards and Technology (NIST) guidance and the ISO 27000 series of standards.

Benefits

  • Get stringent security certifications for your business applications that are otherwise expensive and onerous to achieve in-house.
  • Upgrade your application security with NetSuite’s continuous, dedicated security monitoring.
  • Enjoy security controls such as fully guarded premises and physical access management that are economically unachievable with typical in-house, on-premises deployments.

Key Features

Comprehensive Security Certifications

  • SOC 1 Type II: NetSuite provides its customers with a SOC 1 Type II audit report prepared and audited by independent third-party auditors. This report, commonly referred to as a Service Organization Controls report, or SOC 1, is produced in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA) and with International Standard on Assurance Engagements 3402, “Assurance Reports on Controls at a Service Organization”, issued by the International Auditing and Assurance Standards Board.
  • SOC 2 Type II: The AICPA created the System and Organization Controls (SOC) 2 report to provide management of a service organization, user entities and other specified parties with information and a CPA’s opinion about controls at the service organization that may affect user entities’ security, availability, processing integrity, confidentiality or privacy. Oracle NetSuite’s SOC 2 is a Type II report, which means it covers both the design and the operating effectiveness of controls; it is prepared and audited by independent third-party auditors and covers controls on security, availability and confidentiality.
  • PCI DSS: In complying with PCI-DSS requirements, NetSuite offers optional 3D Secure credit card authentication (also known as Verified by Visa and MasterCard SecureCode). 3D Secure adds a higher level of credit card fraud protection: it asks shoppers to create an authentication password for their credit card, or requires them to enter their password if one is already assigned.
  • EU-US Privacy Shield: Oracle complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use and retention of personal information when a customer and Oracle have agreed by contract that transfers of personal information from the European Economic Area (“EEA”) or Switzerland will be made and processed pursuant to the Privacy Shield for the relevant services. When conducting those activities on behalf of its EEA or Swiss customers, Oracle holds and/or processes the personal information provided by the EEA or Swiss customer at the direction of that customer. Oracle is then responsible for ensuring that third parties acting as agents on its behalf do the same.

    Oracle has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.
  • ISO 27001: ISO 27001:2013 is a globally recognized international standard that defines a set of requirements for building an information security management system (ISMS), giving management better control of its information security processes. The NetSuite service’s ISMS is currently ISO 27001 certified, which demonstrates that NetSuite meets the requirements of the standard and that processes are in place to enforce the security of customers’ information.

Continuous Security Monitoring

  • NetSuite employs numerous intrusion detection systems (IDS) to identify malicious traffic attempting to access its networks.
  • Any unauthorized attempts to access the data center are blocked, and unauthorized connection attempts are logged and investigated.
  • Enterprise-grade anti-virus software guards against trojans, worms, viruses and other malware affecting the software and applications.

Complete Separation of Duties

  • Job responsibilities are separated, and mandatory employee background checks are performed at all levels of NetSuite operations.
  • The principle of least authority (POLA) is followed: employees are given only those privileges necessary to perform their duties.

Managed Physical Access

  • Stringent physical security policies and controls allow unescorted access only to pre-authorized NetSuite Operations personnel.
  • Photo ID proximity access cards and a biometric identification system provide assurance against lost-badge risks and other attempts at impersonation. Proximity card readers are located at major points of entry and at critical areas within the data centers.
  • Single-person portals and T-DAR man traps ensure that only one person is authenticated at a time, preventing tailgating.
  • All perimeter doors are alarmed and monitored, and all exterior perimeter walls, doors, windows and the main interior entry are constructed of materials that afford Underwriters Laboratories (UL) rated ballistic protection.

Fully Guarded Premises

  • On-site security guards monitor all alarms, personnel activities, access points and shipping and receiving, and ensure that entry and exit procedures are correctly followed on a 24/7 basis.
  • CCTV video surveillance cameras with pan-tilt-zoom capabilities are located at points of entry to the colocation facility and other secured areas within the perimeter.
  • Video is monitored and stored for review, providing non-repudiation.

Continuous Data Center Performance Audits

  • NetSuite Operations manages ongoing SOC 1 Type II and PCI compliance.
  • Risk management is modeled on the National Institute of Standards and Technology’s (NIST) Special Publication 800-30 and the ISO 27000 series of standards. Periodic audits help ensure that personnel performance, procedural compliance, equipment serviceability, up-to-date authorization records and key inventory rounds are above par.

Learn About OneWorld Global Business Management

  • Business requirements: The ERP system should meet your organization’s business needs and align with your operational processes.
  • Scalability: The system should be scalable to meet your organization’s future needs, including growth, expansion, and changing business requirements.
  • Customization: The system should allow for customization to meet specific business needs and integrate with other systems.
  • Integration: The ERP system should integrate with other systems and applications your organization uses, such as CRM, HR, accounting, and inventory management.
  • Ease of use: The system should be user-friendly and easy to use, reducing training costs and ensuring a smooth transition for employees.
  • Cost: Consider the total cost of ownership, including licensing, implementation, training, and ongoing maintenance costs.
  • Security: The ERP system should have robust security features to protect sensitive data and prevent unauthorized access.
  • Vendor reputation: Choose a reputable vendor with a proven track record of delivering quality ERP systems and excellent customer support.
  • Support & maintenance: The vendor should offer reliable support and maintenance services to ensure smooth system operation and minimize downtime.
  • Industry-specific features: The ERP system should have industry-specific features that meet your needs, such as compliance with regulatory requirements or specific reporting capabilities.
  • Experience and expertise: Choose a vendor with a proven track record of delivering successful ERP implementations. Look for reviews, case studies, and references to evaluate the vendor’s experience and expertise.
  • Project management methodology: Check their project management approach and see how they manage risks, issues, and change requests.
  • Team composition: Ensure the vendor has the right team composition to deliver successful implementation, with skilled and experienced members having diverse expertise like functional, technical, and project management.
  • Customization capabilities: The vendor should have customization capabilities to meet your specific business needs and integrate with other systems.
  • Cost: Consider the vendor’s pricing structure, including implementation, training, and ongoing maintenance costs.
  • Training and support: Check their training and support processes and see how they will help you and your employees throughout the implementation and beyond.
  • Change management expertise: The vendor should have experience in change management, ensuring your organization can adopt the new system smoothly and efficiently.
  • Communication and collaboration: The vendor should have open and transparent communication channels and foster collaboration between their team and your organization.
  • Data security: The vendor should have robust security features to protect sensitive data and prevent unauthorized access.
  • Scalability: The vendor should have the capabilities to scale the system to meet your organization’s future needs, including growth, expansion, and changing business requirements.