We use industry-standard internet security measures to protect the information that's sent between your practice server and the Practice Compliance server, including:
TLS 1.2 encryption
oAuth authentication
security tokens
security is provided by Amazon Web Services.
The data request is initiated via MYOB Portal's API, which creates a secure path to your server to access the on-premise data, and then closes this path upon completion of the request. Requests are sent using the TLS 1.2 protocol, through port 443. RSA 2048 bit encryption is used.
Data storage
When you're using Practice Compliance, your desktop data stays exactly where it is now - in your practice or at your currently hosted location.
All data created and copied to the cloud is stored at Amazon Web Services Sydney region data centres. Security information is available regarding Amazon Web Services data centres. For specifics regarding data surrender to authorities, see the government rights of access section of Amazon Web Services.
For now, data flow between Practice Compliance and your practice server is one way. The Practice Compliance server simply views/reads the data directly from your practice server. No data is written back to your practice server.
Privacy Act considerations
MYOB has reviewed the ways in which it collects and handles personal information as a result of changes to the Privacy Act in Australia, to ensure that it continues to comply with its privacy obligations. Similarly in New Zealand, MYOB collects and handles personal information in accordance with the Privacy Act.
Two-factor authentication
What can I do in MYOB Practice Compliance?
You can restrict access to your staff members by giving them permission to particular features in Practice Compliance.
If an employee's MYOB login credentials are recorded in your practice database then that employee will have the ability to access Practice Compliance.
If you use MYOB AE, or MYOB AO (NZ only), any team security settings that you have applied in your practice database will still apply to this employee. Once your employees access MYOB Practice, they will only be able to see documents and tasks associated with the clients they have access to in their desktop software.
See also Restrict access to MYOB Practice Compliance (MYOB AE/AO users only).