Security
ProSpend recognises that the confidentiality, integrity, and reliability of our customers’ data are important to their business operations and our own success. We use a multifaceted approach to protect key information and we are constantly monitoring and improving our applications, systems and processes.

ProSpend’s IT infrastructure has been designed and is managed in accordance with industry best practices and the Payment Card Industry Data Security Standards (PCI DSS) requirements.
Data Center Security
Our network and Information Technology resources are outsourced to Amazon Web Services (AWS). Amazon Web Services operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which our IT environment operates.
AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, HIPAA, and SAS 70 Type II. The data centers have multiple layers of operational and physical security to ensure the integrity and safety of our data.
ProSpend’s guest operating system, including updates and security patches, server and storage infrastructure, backup and security systems, and other associated application software are designed and managed in accordance with the Payment Card Industry Data Security Standards (PCI DSS) requirements.
Data Transfer
Your data is transferred over high-grade TLS and protected at rest with multi-layered AES-256 encryption. Encryption keys are stored separately from the data, and everything is hosted in our secure cloud infrastructure.
Access control: All access to our database containing sensitive information is restricted through programmatic methods only.
Encryption
Data in Transit
Communications between you and ProSpend are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS).
Data at Rest
Data at rest is protected with multi-layered AES-256 encryption, and encryption keys are stored separately from the data.
Continuous Monitoring
Testing
ProSpend has a comprehensive program to regularly test security systems and processes, which includes internal and external vulnerability scans and penetration testing as approved by the Payment Card Industry Security Standards Council.
Real Time Audit Log
We also keep a real-time audit log of all data access and changes made by administrators, customers, employees and our automated system.
High Availability Infrastructure
Redundancy
All data centers are online and serving customers; no data center is “cold.” In case of failure, automated processes move customer data traffic away from the affected area. Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Recoverability
Data is replicated to multiple data centers to assure its recoverability in the event of an outage. We fully test our backup systems on a systematic basis to assure that they are functional.
Network Security
Protection
Security is provided on multiple levels: the operating system (OS) of the host platform, the virtual instance OS or guest OS, a firewall, and signed API calls. Each of these items builds on the capabilities of the others.
Architecture
Our network security architecture consists of multiple security zones of trust. Systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk.
Application Security
Testing
ProSpend uses advanced code testing tools to assure that our code meets OWASP standards.
IP Restrictions
ProSpend accounts are configured to only allow access from specific IP addresses.
Access Privileges and Roles
Access to data within ProSpend is governed by access rights, and can be configured to define granular access privileges.