NER Cloud Office Security

General

As a state-licensed, full-service virtual real estate brokerage software developer, NER is committed to providing a highly secure and reliable software. NER Cloud Office software is built on Amazon Web Services (AWS), which is compliant with a wide variety of industry-accepted security standards. Additionally, our engineers utilize proven and state-of-the-art security technologies and techniques in order to protect all systems, data, and information from unauthorized access in the best possible way.

If you have any questions or need additional information, please write to security@nercloudoffice.com.

What data is stored?

NER stores the following general data that is necessary for the purposes of its electronic tax filing service:

  • Account name
  • First and last name
  • License terms
  • Email address
  • Phone number
  • Social Security number (SSN)
  • Employer Identification Number (EIN)

NER does not store bank information or credit card data. NER uses your information to process requests for certain services or information. Providing your information is generally voluntary, but if it is not provided, we might not be able to process your transaction. When information is required, we will let you know before we collect it.

Where is my data stored?

For data storage, analysis, and backups, NER utilizes the preexisting Amazon AWS cloud infrastructure and therefore shares several AWS standards and accreditations. All virtualized servers are run in the US East (Northern Virginia) region.

Among others, Amazon AWS is certified by the following security compliance standards:

Reference: Amazon Security Bulletins

Who has access to my data?

  • NER does not share customer data with third parties.
  • Administrative access to customer data is restricted to a small number of closely managed NER administrators.
  • Access to production systems and data follows the security standard of Least Privilege.
  • For debugging purposes, access to affected code lines of an issue can be granted in accordance with the respective customer.

How is my data protected?

Network Security

  • All traffic from and to our service is encrypted using the SSL/TLS protocol.
  • We enforce the usage of strong TLS ciphersuites.
  • Data within our infrastructure is transmitted via encrypted VPNs.
  • All systems are firewalled to a minimal number of access points.

Account Security

  • Only the account owner can access his separated account data by using his private password.
  • We enforce a strong password policy.
  • Passwords are stored hashed and salted (bcrypt).
  • Access to an account is logged, tracked, and audited.
  • Brute-force attempts are automatically prevented.
  • To complete the login process, an authentication code is sent via SMS to the account holder’s mobile device.

System Security

  • All operating systems are maintained according to best practices in the industry.
  • All recommended patch levels are applied.
  • Unneccessary users, services, and components are disabled.
  • All systems are constantly monitored.

Secure Data Storage

  • Data is stored on a virtualized server on Amazon AWS.
  • Source code is stored encrypted using AES-256.
  • Code analysis is performed with an isolated and virtual instance that is destroyed after analysis.
  • Database backups are stored and transmitted encrypted at all times.
Share This
Skip to toolbar