Learn about some of the details of the Intacct datacenters and measures of security that Intacct takes to protect the cloud they provide to house your accounting and finance data. See why industry experts say that very few - if any - small to medium businesses could spend this kind of money and takes these measures to protect their data and systems.

1. CONFIDENTIAL | 1
Security and Operations
Trusting Your Financials to the Cloud

2. 2
Early Decisions…
 Who is our customer?
– Design for accounting and finance professionals
– Enable a community of partners
 Product Strategy
– Best-in-class—stay focused on accounting and finance apps
– Multi-ledger—build a reusable framework is always the approach
– Double-entry
– Approach to the close
 Technology
– Multi-tenancy
– Web Services in the first version
– Php / linux / apache on top of oracle
– Commodity hardware, open source systems, premium
networking, premium hosting

3. 3
The Intacct API
 Accessible via Web Services or custom business logic (triggers)
 Access to all standard and custom objects and fields
 Standard Create, Read, Update, Delete plus readByQuery(), readView()
 Specialty objects designed for external use like GL Total, GL Detail
Roughly 50% of Intacct transactions post via Web Services

4. 4
The Commercial Packaging
Included
Customization
Services
Optional
Web Services
Optional
Platform
 Extensions to standard objects, including
 Custom Fields, Smart Rules, Smart Links, and Smart Events
 Access to Intacct’s API
 Used when integrating an application that is external to the Intacct Service
 Also use to automate Intacct processes via external scripts
 Includes all Customization Services +
 Access to Intacct’s custom application development environment
 Hosting of your custom application within Intacct production operations

5. 5
Intacct Operations

6. 6
Primary Data Center
 World class Savvis Hosting Center
– Access to premium services and network connectivity
– Multi-layer power generation
– State-of-the-art fire suppression
– Redundant HVAC
– Other customers include Salesforce.com, UBS, Adobe, Workday, Merrill Lynch,
Goldman Sachs, Rueters, etc
 Network
– Connections to multiple backbones
– Ample bandwidth burst capacity
– Redundant paths and equipment
 Hardware
– Standard “commodity” servers and other hardware
– All 100% owned by Intacct
– Access controlled cages; managed only by Intacct personnel

7. 7
Backup and Monitoring
 Backups
– Full nightly backups
– Nightly logical exports
– 96 hours of transaction “roll-back” capability–to the minute
– Backups kept on local disk, tape and off-site
– Backups and Redo logs pushed to Disaster Recovery site
– Quarterly database restore testing
– Annual Disaster Recovery testing
 Monitoring
– Redundant external monitoring from multiple Internet locations
– Daily posting of performance on the Intacct website
– Internal system monitors if fine detail (~900 service points)24x7 monitoring and
response coverage
– Detailed performance and usage information allows us to spot issues
– before they become problems

8. 8
Disaster Recovery Center
 Applications are guaranteed to be back up and available within 24 hours even if Savvis
data center is completely destroyed
– Never lose more than two hours of work
– Regularly exercised by Intacct
 No charge to Intacct clients
Recovery
Inventory
Data Center
Sacramento, CA
Disaster
Servers
Collected
Data
Internet
Intacct - Savvis Data Center
San Jose, CA Hot standby
Separate geography

9. 9
Data Security
 All Intacct employees undergo background checks before hire
 Secured networks and production assets:
– Intacct corporate networks are secure
– Production networks are segregated with further access restrictions
– Very limited and controlled access (both physical and logical) to all production
assets
– Continuous internal threat monitoring and periodic 3rd party testing
 Secure application:
– Access to customer data controlled by the customer; must be granted, even to
Intacct support
– Browser sessions all secure
– Partners have an important part to play

10. 10
Buy With Confidence—Why It is Your Friend
 Intacct’s guarantee to your customers
 Covers all Intacct users
 We pay, you don’t
 Industry 1st
 Industry most comprehensive

11. 11
What Does the BWC Cover
Uptime
Response Time
Fix Times
Futures
PS Quality
(Direct)

12. 12
Transparency Operations
https://us.intacct.com/status

13. 13
SSAE 16 SOC 1 Type II AuditType II
• Report is for a period of
time as opposed to a
single point in time
• Includes ongoing
observations and testing
SOC 1
• Service Organization
Control report
• SOC 1 = restricted to
controls relevant to audit
of a user entity’s financial
statements (like SAS 70)
• SOC 2 & SOC 3 = reports
on non-financial controls
at a service organization
Audit
• Examination,
documentation and
testing of an array of
internal controls
• Control “objectives”
specific to Intacct
SSAE 16
• Replaces SAS 70
• Statement on Standards
for Attestation
Engagements No. 16
• To assure safety and
integrity of data while in
the hands of a third party
service organization

14. 14
Intacct’s Control Objectives are Broad
Control Objective No. 1 – Management and Organization: Control activities provide reasonable assurance
that discipline and structure are an integral part of the organization and influence the control consciousness of its personnel.
Control Objective No. 2 – Physical Access and Environmental Security: Control activities provide
reasonable assurance that access to and movement within the corporate facility is properly controlled and monitored. Additionally,
access to server rooms, storage media, and other critical infrastructure is limited based on job responsibilities
Control Objective No. 3 – Data Backup and Restore: Control activities provide reasonable assurance that timely
and periodic data backups are preformed and the associated restore process is tested, access to backup data is limited, and offsite
backups are maintained.
Control Objective No. 4 – System Availability: Control activities provide reasonable assurance that primary runtime
systems are maintained in a manner that helps ensure system availability.
Control Objective No. 5 – Service Level Agreement: Controls provide reasonable assurance that policies and
procedures are in place and appropriately followed such that Intacct can meet the systems availability objectives of its Buy-with-
Confidence service level agreement.
Control Objective No. 6 – Logical Access Security: Control activities provide reasonable assurance that system
information, once entered into the system, is protected from unauthorized or unintentional use, modification, addition or deletion.
Procedures are also in place to keep authentication and access mechanisms effective.
Control Objective No. 7 – Change Management: Control activities provide reasonable assurance that changes to
Intacct’s on-demand financial management and accounting applications and supporting systems are properly authorized, tested,
approved, implemented and documented.
Control Objective No. 8 – Network Security: Control activities provide reasonable assurance that the security
infrastructure limits unauthorized access to internal networks and external threats are appropriately limited.

15. 15
Other Certifications and Compliance
Privacy Policy

16. 16
Governance & Compliance
 GAAP / SOX Compliant
 Complete Audit Trails
 SAS 70 Type II Certified
 PCI DSS Compliant
 Granular Access Control
 Smart Rules / Alerts
 Automated Sales Tax