🚀 Powered by AWS
CountingWorks PRO is hosted on Amazon Web Services (AWS) — the industry leader in secure cloud infrastructure, trusted by government agencies, financial institutions, and Fortune 500 companies.
Key AWS benefits we leverage:
- ISO 27001, SOC 2 Type II, and FedRAMP-compliant infrastructure
- Automatic redundancy and failover zones for uptime and disaster recovery
- Network firewalls, DDoS mitigation, and multi-layered perimeter protection
- Encrypted S3 and RDS data storage, with snapshots and backup retention
All data is stored in U.S.-based AWS data centers with strict physical access controls and continuous monitoring.
🌐 Global Content Delivery with CDN Protection
We use Content Delivery Networks (CDNs) — including services like Cloudflare — to deliver fast, secure performance no matter where you or your clients are located.
Benefits of our CDN layer:
- DDoS attack prevention and intelligent threat filtering
- Edge caching to accelerate file, page, and script delivery
- TLS 1.3 encryption for all client-facing traffic
- Real-time bot detection and firewall rules
Whether it's a dashboard login or a public-facing blog, content is served quickly and securely around the globe.
🔒 End-to-End Encryption
- Encryption in transit: All communication with our platform is protected via HTTPS (TLS 1.2+)
- Encryption at rest: All files, documents, chat logs, and form data are encrypted on disk using AES-256 encryption
- Sensitive data isolation: High-risk data is tokenized and access is strictly limited to required services only
🔐 Access Controls & Authentication
- Role-based access control (RBAC): Only authorized users can access firm-specific data
- Multi-factor authentication (MFA): Enabled for all CountingWorks PRO admin environments and available for firms
- Session management: Session timeouts, device logging, and unusual activity detection are built in
- Audit trails: Activity logs track platform usage for accountability and internal compliance
🧪 Continuous Monitoring & Penetration Testing
- 24/7 monitoring of infrastructure for unusual behavior or system threats
- Regular internal and third-party vulnerability assessments and pen tests
- Logging, alerts, and automated incident response flows via AWS Security Hub and GuardDuty
🛡️ Application Security
- Secure development lifecycle: Code is reviewed, scanned, and tested before deployment
- OWASP Top 10 protections built into the app layer
- Rate limiting, throttling, and CAPTCHA mechanisms on sensitive actions
✅ Regulatory Readiness
CountingWorks PRO is designed to help firms meet their own compliance needs under:
- GLBA, SOX, and IRS Pub. 4557 (for U.S. financial and tax data standards)
- CCPA/CPRA (California) and GDPR (for international privacy obligations)
- HIPAA-like handling practices for sensitive document storage (note: not a covered entity)
We provide a Data Processing Addendum (DPA) and Privacy Policy to support your legal responsibilities.
📣 Incident Response
We maintain a formal Incident Response Plan (IRP) and breach notification procedures. In the unlikely event of a data incident:
- You will be notified without undue delay (typically within 72 hours)
- We will provide a full report, mitigation steps, and updates throughout resolution
- Affected data will be analyzed, contained, and remediated per NIST protocols
To report a security issue, email security@countingworkspro.com
🤝 Security is a Partnership
We provide the infrastructure — you control access.
To keep your firm safe, we recommend:
- Enabling multi-user separation and access tiers
- Requiring strong passwords and enabling MFA
- Reviewing audit logs regularly
- Limiting sensitive uploads to client-relevant materials only
📫 Questions?
For SOC 2 summaries, pen test results, or platform architecture questions, contact: security@countingworkspro.com