Security is paramount with Botfiler.

User Authentication

All Botfiler accounts are protected by an enforced strong-password policy and two-factor authentication (2FA). 2FA can be implemented and configured to remain within the existing environment of your organisation, protected by current sign-on credentials.

Audit Trail

Botfiler creates a comprehensive and immutable audit trail between all parties that includes a timestamp, IP address and end-user information.

Key elements of the audit trail are recorded in each transaction on the platform and include an identifier that can be used as proof to look up the corresponding transaction log if required.

These records include a cryptographic hash of any PDF document, which can be used to determine whether or not it has been modified or tampered with.
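
The tamper check described above, as an added example that is not Botfiler's own code. SHA-256, the field names and the way the identifier is derived from the record are assumptions, since the page does not specify them; the PDF bytes and the user, IP and timestamp values are constructed samples.

```python
import hashlib
import hmac
import json


def document_hash(pdf_bytes: bytes) -> str:
    """Hex SHA-256 of the document content (hash algorithm is an assumption)."""
    return hashlib.sha256(pdf_bytes).hexdigest()


def _record_id(fields: dict) -> str:
    # Assumption: the lookup identifier is a digest over the canonical JSON
    # of the record fields, so any change to a field changes the identifier.
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def make_audit_record(pdf_bytes: bytes, user: str, ip: str, timestamp: str) -> dict:
    """Build one audit entry: timestamp, IP, end user and document hash."""
    fields = {"timestamp": timestamp, "ip": ip, "user": user,
              "doc_sha256": document_hash(pdf_bytes)}
    return {**fields, "record_id": _record_id(fields)}


def verify_record(record: dict) -> bool:
    """True if the record fields still match the identifier issued for them."""
    fields = {k: v for k, v in record.items() if k != "record_id"}
    return hmac.compare_digest(_record_id(fields), record.get("record_id", ""))


def verify_document(record: dict, pdf_bytes: bytes) -> bool:
    """True only if the record is intact and the PDF matches its stored hash."""
    return verify_record(record) and hmac.compare_digest(
        document_hash(pdf_bytes), record["doc_sha256"])


# Constructed sample data (not a real document or real client details).
ORIGINAL_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n% amount: 100.00\n%%EOF\n"
TAMPERED_PDF = ORIGINAL_PDF.replace(b"100.00", b"900.00")
RECORD = make_audit_record(ORIGINAL_PDF, "user@example.com",
                           "203.0.113.10", "2024-01-15T09:30:00Z")

if __name__ == "__main__":
    print("original matches:", verify_document(RECORD, ORIGINAL_PDF))
    print("tampered matches:", verify_document(RECORD, TAMPERED_PDF))
```

An unkeyed hash only proves tampering when the identifier is held somewhere the person altering the record cannot also rewrite, such as a copy given to the other party to the transaction.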

EU General Data Protection Regulation (GDPR)

Botfiler processes personal data in accordance with the current data protection laws in Ireland. In addition, Botfiler's commitment to data privacy is demonstrated by the additional steps taken to comply with the General Data Protection Regulation (GDPR), which came into force on 25 May 2018.

By maintaining strict adherence to GDPR, Botfiler allows its customers to ensure their own compliance with the new regulation, which has considerable implications beyond existing data protection laws.

Tax Legislation

Botfiler complies with the Tax Consolidation Act, 1997.
It is updated each year for changes in Budgets and tax reporting.
The identity management, encryption and secure environment provided by Botfiler mitigate any risk of using the service over the paper-based process.

Encryption

To ensure the confidentiality and integrity of your files, all content is encrypted in transit and at rest with world-class encryption and key management techniques. Multiple layers of encryption are used to support customers’ needs for reliability, security and control over their sensitive content.

Botfiler has partnered with Microsoft Azure to provide on-demand management of keys through the Azure Key Vault service, which uses Hardware Security Modules (HSMs) to safeguard cryptographic keys. The HSMs are FIPS 140-2 Level 2 validated, a NIST security certification.

Content is encrypted with a one-time AES-256 symmetric key. This key is then encrypted using an asymmetric 2048-bit RSA key. Botfiler itself never has access to the key; it simply invokes a mechanism that is provided by the Key Vault. Options are available where a customer would prefer to manage their own encryption keys.

Unchangeable audit log. All key usage is recorded in an audit log and Botfiler can never change that record of truth. All connections to Botfiler are secure and encrypted using SSL (Secure Sockets Layer). This is the same level of encryption used by leading banks and government agencies.

Physical Data Infrastructure

Services provided by Botfiler are hosted in a state-of-the-art SAS70 Type II, SSAE 16 facility that has achieved ISO 27001 certification.

Physical access is strictly controlled by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means.

Authorized staff must pass two-factor authentication no fewer than three times to access data centre floors. Botfiler uses multiple data centres with reliable power sources and backup systems with 99.9% SLAs and redundancy. Physical servers are located in Dublin, Ireland and failover servers are located in the Netherlands.

Botfiler’s secure messaging channel allows communication between staff and client, providing direct contextual relevance to a particular query.