In this article:
For businesses of all sizes, Internet-based applications are a great alternative to conventional software. When you choose a Web-hosted application from TimeSolv, security is one of the biggest benefits. There are numerous security advantages to using TimeSolv compared to running packaged business application software in-house.
TimeSolv keeps your data in a secure data center facility. Think of it like a bank vault for your information, with 24-hour security personnel, key-card access systems, and strict sign-in/out procedures, video surveillance and after-hours motion detectors. Getting into your office’s server is child’s play by comparison.
These same data centers provide tremendous network security to prevent hackers from breaking into the server containing your data, including multiple levels of network software security. Does your company have network security personnel on staff?
All TimeSolv accounts are password protected. TimeSolv offers two-factor authentication and a password expiry process for users. Your password is encrypted when you first enter it and is saved in encrypted form at TimeSolv. In other words, even we don’t know your password!
Everything is Encrypted
Every time you enter information in one of our applications and send it across the Internet (by choosing Save or pressing Enter), that information is scrambled using 128-bit encryption. Just look for the padlock icon at the bottom of your browser. When you see this you know the page is protected by SSL (Secure Sockets Layer).
Limited Employee Access
All TimeSolv employees know customer security is paramount, and every employee signs a customer confidentiality agreement upon being hired. Even so, only a handful of employees have access to your account data, and then only for emergency use.
Two-factor authentication is an important part of improving security, increasing productivity and flexibility, lowering helpdesk and security management costs, reducing fraud with the ability to build secure online relationships. TimeSolv understands that while the internet is a trusted medium for hosting critical applications and information, passwords can often be the weak link in the chain of security between a web application and a user. That's where our secure two-factor authentication feature comes up.
Two-factor authentication is a second layer of security to protect your account. Users must go through two layers of security before being granted access to an account or system. The first would be their TimeSolv username and password, and the second factor would be a one-time PIN code. First of all, you will want to make sure you enable it under Account>Settings>General tab.
Specify how often users need to authenticate and select the authentication type as either ' By email' or 'By Authenticator App'. If you set it as 'by email', the user will get a one-time PIN code emailed to their registered address which they'll need to log in. If it's set as 'by authenticator app', the user will need to scan a QR code on an authenticator app to generate their one-time PIN code.
For an authenticator app setting, once settings have been enabled, next time users attempt to log in they will have to go through a series of steps before they can access their TimeSolv accounts. When they try to log in, they will see this screen:
This means that the user will first have to install an authenticator app if they haven't done so already. To download the app on your phone, open up the app store on your phone and search for an authentication app, or scan the QR code from your phone by clicking on 'click here' link shown on 'Step 1' of the TimeSolv screen. TimeSolv recommends the Microsoft Authenticator app.
In this example, I'll lead you through the steps on the Microsoft Authenticator app. Once you've downloaded the authenticator app, open it up and click on 'Add account'. Select 'Other' for the kind of account you'll be adding. This will open up a QR code scanner. Scan the code you see on 'Step 2' of the TimeSolv screen.
Once successfully scanned, you'll get a unique 6 digit PIN code from the authenticator app that's only valid for a few seconds, so make sure you're quick to type that into the field shown on 'Step 3' of the TimeSolv screen. You should be logged in now and ready to go.
Terms of Service
This section details of frequently asked questions on TimeSolv’s security and data infrastructure.
|1||What infrastructure is used for hosting the application and the website?||TimeSolv is hosted by a state-of-the-art data center provided by Amazon Web Services (AWS). Highly encrypted 128-bit SSL is used for data transmission between your browser and our data center.AWS has completed SAS 70 compliance and a Type II Audit, as well as being ISO 9001 certified. Add that we’re PCI DSS compliant to the mix, and you can rest assured your data is completely protected. Security, however, isn’t everything. Our customers demand reliability. So here at TimeSolv, we also use a state-of-the-art agile development environment in order to provide you with almost 100% uptime. To see for yourself, check out a report on our site by Pingdom, a third-party monitoring service. Or, just take a look below. For redundancy, the public-facing website is hosted with a managed service high availability hosting provider.|
|2||Is TimeSolv PCI (Payment Card Industry Data Security Standard) compliant?||TimeSolv is PCI compliant with security audit and compliance certified by SecurityMetrics, https://securitymetrics.com .|
|3||What mechanisms are in place to ensure that only authorized personnel will be able to access your data?||All passwords are encrypted and TimeSolv employees do not have access to passwords to access production data. Datacenter access is strictly limited to technical staff. Electronic security systems control data center access and are accompanied by a full complement of motion detecting security cameras which monitor the entire facility. Data Center facility external walls are reinforced poured concrete. Data centers are a fully managed facility, which means we have level 3 technicians on site 24 hours per day.|
|4||Does the contract address confidentiality?||Yes, the customer contract includes terms of service agreement addressing the confidentiality of customers’ information. See TimeSolv’s Privacy Statement at https://timesolv.com/privacy.html|
|5||How frequently are back-ups performed?||Onsite backups are performed in near real-time with a maximum delay of 5 minutes on a redundant database server. Offsite backup is performed automatically every day with Amazon.com on the west coast. In addition, TimeSolv provides automated daily backup via the Automatic Data Export services.|
|6||Is data backed up to more than one server? Where are the respective servers located? Will data always stay within the boundaries of the United States?||Onsite backups are performed in near real-time at the data center with a maximum delay of 5 minutes on a redundant database server. Offsite backup is performed automatically every day with Amazon.com on the west coast. All data is kept within the United States.|
|7||How secure are the data centers where the servers are housed?||Datacenter access is strictly limited to technical staff. Electronic security systems control data center access and are accompanied by a full complement of motion detecting security cameras which monitor the entire facility. Data Center facility external walls are reinforced poured concrete.|
|8||What types of encryption methods are used and how are passwords stored? Is your data encrypted while in transit or only when in storage?||128 bit SSL for all data transmission and password storage. Data is encrypted while in transit.|
|9||Are there redundant power supplies for the servers?||Amazon AWS is a highly available, distributed cloud computing platform with redundant power sources.|
|10||Does the contract include a guarantee of uptime? How much uptime?||TimeSolv is open to signing a guaranteed uptime and compensation due to an unexpected period of downtime. TimeSolv’s historical uptime exceeds 99.99%.|
|11||If a natural disaster strikes one geographic region, would all data be lost? Are there geo-redundant backups?||
|12||If there is a data breach, will you be notified?||TimeSolv has not experienced a data breach. Customers will be notified in case of a data breach.|
|13||What rights do you have upon termination?||TimeSolv does not hold hostage any of client’s data. All data is available for download with a built-in option as CSV files. TimeSolv is open to providing a contract with specific service levels to meet the client’s needs.|
|14||Can we back up data locally?||Each client can back up their data as a compressed file with an included data download utility. TimeSolv doesn’t hold data hostage to resolve billing disputes. The client can also receive a copy of their data in CSV (Comma Separated Values) format via Automatic Data Export service at $19.95/month every day to backs up on their own servers.|