Information security

Version May 2021

Exact takes information security very seriously, including personal data related security. We have dedicated operational processes to manage information security, dedicated security staff and an internal reporting mechanism to facilitate proper decision making in case of incidents.

Compliance Committee

Obviously, we are committed to comply to all relevant legislation, such as the Dutch Data Protection Act. A key mechanism in managing information security is our compliance committee, that monitors security processes and discusses security incidents, after being detected and analysed by our corporate information security officer. The compliance committee is chaired by our CFO.

We are dedicated to transparency

We don’t pretend to be able to prevent all security incidents. Incidents can and will occur occasionally. When they do, we dedicated to being transparent about them. We believe this is the best way to maintain the trust of our customers. Meanwhile, we obviously work hard to make sure incidents are as rare as they can be. To this end, our processes are audited regular. You can request the assurance reports via our support channels.

Protection of your personal data

We take substantial efforts to protect the confidentiality of personal data, preferences and other information. To protect this information, we make substantial investments in our server, database, backup and firewall technologies. For more information, please see the Privacy Statement.

For example. at Exact Online, we offer a mandatory extra security layer: 2-Step Verification. By using this technique, we help prevent abuse through phishing or malware. In this way, we provide maximum support for online safety – which is crucial to us. This means that, in addition to your username and password, you will need to add an extra piece of information that is available only to you as a user. This makes any misuse of your data much more difficult.

Approved by independent experts

For Exact Online and Exact Cloud Service our development and operational management processes are tested annually by highly qualified independent experts. This results in an independent assurance statement (ISAE 3402 type 2) that ensures our customers that our software is reliable and secure. The safety of Exact Online is determined at least annually via a pentest – an investigation to identify if software contains security related vulnerabilities. We have processes in place to take necessary actions if findings are reported.

Safest datacentres in the world

For Exact Online, Exact Purchase to Pay and Exact Expense Management on the Exact Cloud, we work together with Amazon Web Services (AWS), the largest public cloud provider in the world. Our data is stored on AWS datacentres in Ireland, known to be the safest in the world. Working with our solutions is always via a secure connection. It is encrypted according to industrial standards. Not only for Exact Online, Exact Purchase to Pay and Exact Expense Management or Exact Cloud we follow strict security guidelines and implementation, but we also demand (and ask for prove) compliance to these security standards from all suppliers we use in services to our clients.

Exact Cloud Services provides hosting for Exact Globe, Synergy, Financials and Business Software on the Exact Cloud. An external auditor has provided Exact Cloud Services with the ISAE 3402 Type II assurance report.

Request information

Exact welcomes questions or comments about this Security Statement. If you have any questions or comments about this Security Statement, or need to receive our compliance report for audit purposes, please enter this form with all relevant details.

Responsible discloses can be reported here

EN Select your country