PremaTax Security Responsibilities FAQ​
Security Responsibilities FAQ​
​
This page provides an overview of how information security responsibilities are shared among Terabitten, our cloud service providers, and our customers when using the PremaTax platform.
​
1. Who is responsible for security of the PremaTax platform?
Security of the PremaTax platform is based on a shared responsibility approach. Responsibilities are distributed among Terabitten Technologies Inc., the cloud service providers that support the platform, and customers using the service. Each party is responsible for security controls within its respective area of control.
​
2. What security responsibilities does Terabitten have?
Terabitten is generally responsible for security controls within its scope of control, which typically includes:
-
Secure design, development, and maintenance of the PremaTax application
-
Configuration and management of cloud-native security controls
-
Identity and access management for Terabitten personnel
-
Encryption of data in transit and at rest where applicable
-
Security monitoring, logging, and incident response
-
Compliance with applicable legal, regulatory, and contractual security requirements
​
3. What security responsibilities do customers have?
Customers are generally responsible for security activities under their direct control, including:
-
Managing user accounts, roles, and permissions within the application
-
Protecting user credentials and enforcing appropriate authentication practices
-
Ensuring the security of customer-managed devices and networks used to access the service
-
Ensuring the accuracy, legality, and appropriateness of data entered into the system
-
Using the service in accordance with applicable agreements and acceptable use requirements
​
4. How do cloud service providers factor into security?
PremaTax is hosted using third-party cloud service providers. These providers are generally responsible for security of the underlying infrastructure and platform services they deliver, including physical security of data centers, environmental protections, and foundational network, compute, and storage services.
Terabitten evaluates and monitors cloud service providers through contractual requirements and assurance activities consistent with industry standards.
​
5. How does Terabitten manage security risks related to third-party providers?
Terabitten maintains vendor risk management processes designed to assess and monitor the security posture of critical third-party providers. This typically includes review of security documentation, independent audit reports, and ongoing evaluation of provider services to manage information security risks throughout the supply chain.
​
6. Does this page replace or modify customer agreements?
No. This page is provided for informational purposes only and does not replace, modify, or amend any existing customer agreements, terms, or conditions. In the event of any conflict, applicable customer agreements govern.
​
7. Where can customers ask additional security questions?
Customers may contact Terabitten through established support or account channels to request additional information regarding security practices or responsibilities.​​​