Information Security Overview

SafeSend protects account data and manages information security across its environment.
SafeSend is committed to helping users feel secure when using our products and services. The following sections describe how SafeSend manages and protects data.

Cloud-hosted servers and data centers

SafeSend servers are hosted on Microsoft Azure servers located in the United States. Microsoft Azure uses advanced firewalls and intrusion detection technologies to help provide a high level of security. SafeSend servers and firewalls are monitored 24/7. Each SafeSend client is assigned to a separate, siloed database within Microsoft Azure.

Web application firewall

All SafeSend websites are protected by a web application firewall. Sites are placed behind the firewall, and access is secured with 2048-bit SSL encryption. All databases are encrypted and stored in the Microsoft Azure cloud. SafeSend sites follow the latest OWASP 3.1 ruleset.

Data backup

Microsoft Azure performs daily backups. Data in those backups is never decrypted during the backup process, and backup media is physically secured at all times. Azure backups are rotated in encrypted form to alternate secured locations to support disaster recovery in the event of a natural disaster.

Data in transit

All data is fully encrypted during transmission and at rest using SHA-256 certificates under TLS 1.2 encryption.

Penetration testing

At least once every 12 months, a third party performs penetration testing to evaluate the security of the SafeSend information technology environment. These procedures simulate attempts to gain unauthorized access to system resources and data by using known vulnerabilities and other hacking techniques.
Testing includes external-facing components, such as internet protocol (IP) addresses and uniform resource locators (URLs), to simulate attempts to access system components through publicly accessible internet endpoints.

SOC 2 examination

SafeSend undergoes an annual Type 1 SOC 2 examination. This examination reports on management assertions regarding controls aligned with the AICPA Trust Services Principles and Criteria in the following areas:
  • Security
  • Confidentiality
  • Availability

Attachment file virus and malware scanning

SafeSend performs a basic virus and malware scan on files uploaded by taxpayers. The scan identifies known malicious files and prevents those files from being uploaded. Because this is a basic scan, it may not detect all malicious files. End users should continue to follow safe file download practices.

Reporting security issues

If you discover a vulnerability in a SafeSend product, email support@safesend.com. Include a detailed summary of the issue, the product name, and the nature of the suspected vulnerability. SafeSend will respond within a reasonable time and work promptly to address reported issues.