We are trying to create a strong security culture amongst all employees of TreasuryGo. We strongly believe that every employee is an essential part of our defense against potential security breaches.

This culture has a strong impact on all employees and is present at all stages and everywhere, including the hiring process, employee on-boarding, but also as a part of the ongoing training that TreasuryGo provides and company events to raise awareness. Before an employee joins TreasuryGo, we perform a check of his/her background. All our employees must be familiar with our security policies and go through security training as part of the on-boarding process and receive regular security training throughout their stay here at TreasuryGo. During the on-boarding process, new employees agree to our NDA and go through OWASP training. This shows our commitment to keeping the data of our customers secure.

All employees working at TreasuryGo must follow our password security and lockout policy, must have 2FA authentication, must have a secure Wi-Fi connection, or alternatively, be connected to our VPN when working remotely. Additionally, all TreasuryGo’s employees are using multi-factor authentication with Azure Active Directory, which is a Single Sign-On service that enables them to securely access their accounts and applications.

The developers in the IT segment receive instructions on topics like best coding and development practices, the principle of least privilege when granting access rights, etc. The IT department also attends technical presentations on security‑related topics, receives regular updates on the newest issues from the Cybersecurity through multiple security publications.

TreasuryGo is SOC 2 certified. Our report goes into detail about our secure management and technical practices. This report can be requested by customers under NDA.

TreasuryGo has several security features and has been built with security in mind. Client data is fully isolated in tenant-specific data stores and AES 256-bit client encryption keys. TreasuryGo honors the single sign-on policies configured for each client’s organization and does not store individual’s passwords.

The TreasuryGo application also supports our customers in finding the best way to maintain compliance with GDPR and can, at any time, remove data in compliance with GDPR at a client’s direction. Client data is completely removed from our system within 90 days of contract termination.