TrueBookUS

Data Security

Enterprise-Grade Security for Your Financial Data

Your books contain your most sensitive business data. We've built TrueBookUS around the security controls US auditors, regulators, and enterprise customers expect, so you can outsource with confidence.

SOC 2 Aligned
AICPA Member
IRS Authorized E-File
256-bit Encryption
MFA Required
PCI Compliant
Role-Based Access
Encrypted Backups
VPN Required
Continuous Monitoring
Annual Penetration Test
Incident Response Plan

Our Security Framework

Encryption at Rest & In Transit

All client data is encrypted with AES-256 at rest and TLS 1.3 in transit, with no exceptions: backups, file shares, and database exports are covered too.

Multi-Factor Authentication

MFA is required for every employee, on every system. We support hardware keys, authenticator apps, and SSO; SMS-only authentication is not permitted.

Role-Based Access Controls

Least-privilege access by default. Employees only see the data they need to perform their role, and access is reviewed quarterly.

SOC 2 Aligned Processes

Our information security program is aligned with the AICPA Trust Services Criteria that SOC 2 Type II reports are assessed against: security, availability, and confidentiality.

Encrypted Backup & Disaster Recovery

Encrypted, geographically redundant backups with tested recovery procedures. RPO under 1 hour, RTO under 4 hours.

VPN-Enforced Remote Work

All remote access requires a corporate VPN. Personal devices cannot access client data. Endpoint protection is monitored 24/7.

Annual Third-Party Penetration Testing

Independent penetration testing every year, with remediation tracked to closure. Results available to enterprise clients under NDA.

Security Awareness Training

Mandatory quarterly training for every employee, with phishing simulations and role-specific security education.

Vendor Risk Management

All sub-processors are vetted against our security baseline. Client data is never shared with vendors without written consent.

Incident Response & Breach Notification

Documented incident response plan with defined roles, runbooks, and customer notification SLAs aligned with US state breach laws.

Audit Logs & Monitoring

Every access to client data is logged, retained for at least one year, and continuously monitored for anomalous activity.

NDA-First Engagement

Every engagement begins with a mutual NDA. We will sign your MSA, DPA, and security addendum before any data is shared.

Need Our Security Documentation?

Enterprise clients can request our SOC 2 alignment summary, security questionnaire responses, and pen-test executive summary under NDA.
