Specific Security Measures

Aim of Technical and Organisational Security Measure | Details of Measures
Secure personal data in transit
  • TLS in-transit encryption
Secure personal data at rest
  • AES-256 object-storage encryption
  • AES-GCM database encryption
  • MFA
  • IP-based access control lists
  • Remote VPN endpoints
  • Logging and auditing
  • Intrusion detection
Secure personal data within data backups
  • AES-256 backup encryption
  • MFA
  • IP-based access control lists
  • Logging and auditing
  • Intrusion detection
  • Immutable backup vaults
  • Continuous real-time backups
  • AWS physical security
Authorised User identification and authorisation
  • MFA
  • SSO (SAML 2.0)
  • Password policies
  • User identification using unique IDs
  • Logical separation of user data
  • Detailed logging and audit control
  • Granular permissions
  • Ability to easily review and audit user access levels
  • AWS physical security
Auditing and event logging
  • Detailed system event logs
  • Detailed audit logs detailing user access and all login attempts
  • Customer-controlled event notifications
  • Multi-tier logging within AWS infrastructure and applications
IT governance
  • Cyber Essentials Plus certification
  • Information security policy
  • Data breach policy
  • Security incident policy
  • Data asset registry
  • Security awareness training
  • Monthly risk management meetings
  • Change control sign-off and reviews
  • OWASP training
  • Secure code reviews
Employee training
  • GDPR training
  • Cyber security awareness training
Security testing
  • Monthly vulnerability scans on all web-facing endpoints
  • Annual independent penetration tests
