Authentication / Authorisation:
Users are able to self-provision accounts only on approved client domains.
Password and user account management is strictly enforced according to KPMG Global Security Standards.
Enrolment and subscription:
KPMG Fulcrum is designed to provide multi-factor authentication at the user level, where clients require this to be enforced.
Access to all parts of KPMG Fulcrum are role-based access and easily manageable by client administrators from the secure client control panel.
Service Continuity, Reliability:
Databases are replicated on a real-time basis with fail-over controls in place in the event that a primary data link becomes unavailable.
Daily backups are performed as an additional control.
Log and Data Retention:
Logging of all critical transactions and user activity.
Client data is hosted, archived and destroyed in accordance with data retention policies and privacy regulations.
Clients have access to their own data and can request to export this at any time for storage on their own infrastructure.
All data is encrypted - at rest and in transit.