User Authentication

All Botfiler accounts are protected with a strong password enforcement and two-factor authentication (2FA). 2FA can be implemented and configured to remain within the existing environment of your organisation, protected by current sign-on credentials.

Audit Trail

Botfiler creates a comprehensive audit trail for all staff and client users that includes a timestamp, IP address and end-user information.

Key elements of the audit trail are recorded in each transactions on the platform and include an identifier that can be used as a proof to lookup the corresponding transaction log if required.

EU General Data Protection Regulation (GDPR)

Botfiler processes personal data in accordance the current data protection laws in Ireland. In addition, Botfiler's commitment to data privacy is demonstrated by the additional steps taken to comply with the general data protection regulation (GDPR) which came into force on 25 May 2018.

By maintaining strict adherence to GDPR, Botfiler allows its customers to ensure their own compliance to the new regulation which has considerable implications beyond existing data protection laws.

Tax Legislation

Botfiler complies with the VAT Consolidation Act, 2010.
It is updated each year for changes in Budgets and tax reporting.
The identity management, encryption and the secure environment provided by Botfiler mitigates against any risk of using the service over the Excel-based process. No more calculation errors, no more transcription errors.

Encryption

To ensure the confidentiality and integrity of your files, all content is encrypted in transit and at rest with world-class encryption and key management techniques. Multiple layers of encryption are used to support customers’ needs for reliability, security and control over their sensitive content.

Botfiler has partnered with Amazon Web Solutions (AWS) to provide on-demand management of keys through the AWS Key Vault service which uses Hardware Security Modules (HSM’s) to safeguard cryptographic keys. The HSM’s are FIPS 140-2 Level 2 validated, a NIST security certification.

Content is encrypted with a one-time AES-256 symmetric key. This key is then encrypted using an asymmetric 2048 bit RSA. Botfiler itself never has access to the key, it simply invokes a mechanism that is provided by the Key Vault. Options are available where a customer would prefer to manage their own encryption keys.

Unchangeable audit log. All connections to Botfiler are secure and encrypted using SSL (Secure Sockets Layer). This is the same level of encryption used by leading banks and government agencies.

Physical Data Infrastructure

Services provided by Botfiler are hosted using AWS's state-of-the-art IT infrastructure that is designed and managed in alignment with best security practices and a variety of IT security standards. The following is a partial list of assurance programs with which AWS complies:

- SOC 1/ISAE 3402, SOC 2, SOC 3
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO 9001, ISO 27001, ISO 27017, ISO 27018

Physical access is strictly controlled by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means.

Authorized staff must pass two-factor authentication no fewer than three times to access data centre floors. Botfiler uses multiple data centres with reliable power sources and backup systems with 99.9% SLAs and redundancy. Physical servers are located in Dublin, Ireland and failover servers are located in the Netherlands.