Thanks for checking in with us, Willowlicious.
Aside from the information provided by Fiat, with QuickBooks Online, your data will be stored in the cloud so that it can be accessed by multiple users anywhere, anytime. The desktop versions of QuickBooks typically store data on a server or with a cloud-based service provider.
As long as you use the online form to upload your data to us, it will be protected. We use industry-standard SSL encryption. Data is removed from our servers promptly after you have uploaded your file. Then, we store a copy on our local servers during conversion. Also, we move your data to secure offline storage where it's encrypted. To learn more about this one, see the articles below:
Feel free to visit our QuickBooks Help Articles page for more insight s about managing your business in your software.
The Community will always have your back if you need anything else in running your business. You have a good one.
Thank you for the reply.
From a south Africa POPIA stand point, as personal data is not allowed to leave the country without certain measures in place, I'm trying to identify where quickbooks servers are that hold this data.
Even if the data is stored temporarily, are you able to tell me what country all servers the store this data both temporarily and permanently.
I'm unable to tell the location of the server your data are being hold. Rest assured, all your company's information are safe and are securely protected by the system.
For more information about Intuit's security site, you can bookmark these references:
I'll be around if there's anything that I can help. Keep safe!
Surely you should be able to tell where your data is stored?
the problem you will have with south africa clients is POPIA, if they cant identify where they are sending data to they dont comply with the new act.
We have to be able to identify which country our data from SA is being sent to as certain countries dont have enough data protection in place.
You end up finding your SA clients moving onto local accounting platforms
For your reference
I am not sure Intuit will answer your question. What we have known that they are partnering with AWS to host QBO. AWS has local datacenters in your region and it should be complied with your regulation.
Just my 2 cents.
As a MSP how can we recommend a product if it cannot answer a simple question, a very important one. Amazon host data all over the world you just have to pick where it's hosted. so someone knows.
What an appalling answer. Total evasion meaning the real answer is not what we want to hear. Presumably then data is somewhere in the US which is not acceptable for EU or UK regulations either. This is a problem.
We are considering moving to QBO for better multi user functionality. And I am also in need of an answer on this. I'm struggling to confirm if QBO is or can be made compliant with FEDRAMP and CMMC. Can QBO be hosted on the AWS Govcloud? I hope there is more security than just SSL. How about multifactor authentication for users using DUO or various other authenticator apps?
I appreciate you for joining this thread, @DisgruntledBeanCounter. I’m here to provide information to you about QuickBooks security.
At this moment, QuickBooks Online isn’t compliant with FEDRAMP and CMMC. Also, the program can’t be hosted on the AWS GovCloud and doesn’t have multifactor authentication measures for users of DUO or other authenticator tools.
If you’re a developer, you can reach out to Intuit developers to have a request or discussion about this matter. Otherwise, you can utilize third-party apps based on the applications you’ve mentioned that work best for you.
I’ve attached these resources to learn how to manage profiles, user roles, and their access:
The Community team is always here to help if you have any other questions or concerns about QuickBooks. Simply press the Reply button to add your comments. Have a good one and always take care!
QuickBooks doesn't suit your needs. You need an ERP class product to comply with FEDRAMP and CMMC. I know one app complies with HIPAA, SOC 3, FEDRAMP, FIPS 140-2, GDPR, and other domestic and international compliance mandates. You will need a 3rd party solution to integrate with it and comply with CMMC.