Digitization will change our living environment and business world faster than we think. In this process, the cloud – as a centralized working environment  –  will be the standard in the future. This means privacy and IT security will become even more important. At DATEV, the confidentiality and security of your data are already our top priority.

Virus scan:
1,5 MILLION
emails are scanned daily.

IT Security and Privacy

Our security team monitors the entrances to DATEV buildings and provides fire protection and first aid.

Handling sensitive information has been the foundation of our business since 1966. We believe that protecting this data is an all-embracing duty and one which we fulfill at all levels of the company.

Customized Data Safe

This is why we utilize a variety of different solutions to guarantee the confidentiality and integrity of our members’ data as well as that of their clients. This applies to both personal and business data. For example, DATEV SmartCard and DATEV mIDentity protect applications and data with a signature and encryption – a data safe for our customers. Users that want to move their digital software and IT management to the cloud are wellserved with DATEV Cloud-Sourcing. In addition to convenience and flexibility, this solution offers high standards of privacy – the data stays within German jurisdiction and is stored for the user in encrypted form.

Extraordinary Standards

When it comes to IT security, we heavily favor high standards and have done so for many years. Due to the strict requirements of our members and their clients, we only release solutions when they offer a sufficient level of security.

Our information security concept encompasses structural, human-resource-related, organizational, and technical measures to guarantee the security of objects and data. We implement IT security in a systematic manner – and are certified in accordance with ISOMEC 27001. This certification not only encompasses the heart of our operations, the DATEV data center, but also DATEV’s printing, logistics, and service center. We strive for continuous improvement, reviewing our work with the help of independent internal and external audits.

When it comes to questions of security, we’re also there for our members – DATEV Consulting advises and trains them on issues related to IT security, conducts risk assessments, and if desired, also provides an external privacy officer. In addition, we also offer the ability to incorporate local system partners into our security concept via PARTNERasp. These are all solutions that are individually tailored to the specific customer – and, at the same time, guarantee a high level of data privacy and security.

Comprehensive Approach

We rely on a comprehensive approach to the information security of our members and their clients. In this context, we rely on technical and organizational measures as well as both physical and electronic access controls to restrict access to our equipment and facilities and protect our systems. Using electronic access controls, we restrict who can access what data. Transfer controls secure data transfers and data storage devices. A multi-level documentation and auditing procedure ensures that changes to personal data do not go unnoticed. In addition, we pay close attention ensuring that unauthorized third parties cannot access data, and we make sure that all information is only saved and processed for the benefit of our members and their clients.

Cloud Security: Better and More Affordable

Yes to the cloud – but is it also truly secure? This is a question that concerns many business owners that entrust their data to such a system. And in fact, choosing the right cloud model is crucial to security. In this context, the basic rule is that business and customer-related data does not belong in a public cloud. This information should only be entrusted to what are known as trusted clouds. They stand out thanks to certified security concepts and only allow authenticated access to data. A good rule of thumb is that access to data and applications should be more tightly secured than simply with a username and password.

The DATEV Cloud offers this added level of security to its members and their clients. This is because the DATEV data center, with its centrally operated, professional infrastructure, can offer a much higher level of protection than a small or medium-sized company could normally implement themselves. Another benefit is that, while a data center like ours deploys the technical components and monitoring processes on the same infrastructure for a large number of users, it can implement security at a lower cost than individual users could do themselves with their own measures. The result of this is that the level of security for the user increases – and costs decline.

Study: SMEs Too Careless When Using the Internet

Although using the Internet has become a natural part of everyday activities at German companies, too many still neglect their protection against cyberattacks. This was the result of the 2016 Security Monitor from DsiN (“Deutschland sicher im Netz”), to which DATEV contributed significantly. Less than two-thirds of the companies surveyed have arranged who is responsible for privacy and data security, and only one-third have a security concept that management truly stands behind. Improvements can be seen in certain areas, however – for example, security guidelines are documented at 32% of the companies. One in four companies has defined internal protective objectives for IT.

IT Security and Privacy

Access control systems ensure that only authorized authorized persons can enter DATEV’s facilities.

IT Security and Privacy

Our application control room manages execution of the programs on our mainframes.

Smartphone: Logged in Securely

Not without my smartphone – the same applies to our DATEV SmartLogin. The app has transferred the smartcard feature into the virtual world and is now used on a daily basis by many users, such as users of Employee Online.

This is because it is so easy – upon the first activation, the app is tied to the mobile device and registered on the Smart Security Management Server (SSMS). On each login, this verifies whether the mobile app is actually running on the originally registered device and then whether the PIN entered is correct. This information is transmitted to the SSMS via a special, encrypted channel. The app only allows the identity to be used after successfully completing this verification, giving the user access to data and applications. Then the user can continue what they were doing, quickly and on their mobile device – but exactly as secure as before.

Certified Consolidation Solutions

Everyone that prepares consolidated financial statements for a period or a fiscal year is taking on an extensive project that requires careful planning. Regardless of whether you are preparing a voluntary or mandatory consolidated financial statement – a well-structured software application helps you complete this project expertly and quickly. Either monthly or quarterly, with concise reporting included.

We support you in this task with DATEV Consolidation solutions – from importing data from the financial statements of consolidated subsidiaries and individual companies to consolidation itself to documenting the results. The software systematically leads you through the individual steps, offers automation options, and allows you to work on the statements in an ongoing manner during the year. But above all else, the application is secure and – as a result of utilizing entry dialog windows that adhere to the German GAAP and GoBD, including the option to save data so that it can no longer be edited – it is possible to easily capture and seamlessly retrace all consolidation measures. This is not possible with spreadsheet software.

Solutions Demonstrably in Conformity with the Law

A current certificate once again confirms that our software solutions for consolidation operate in accordance with the German GAAP. The renowned Cologne-based auditing company IT Audit GmbH audited our application pursuant to the IDW PS 880 standard. Focal points of the audit were the accuracy of the program sequences, the processing rules, and the effectiveness of plausibility checks. In addition, another focus was on the application’s development, maintenance, and release including the existing process documentation. This certification gives the application’s users the security that they are using a certified, GoBD-compliant system for consolidation. This can also be documented at any time thanks to the publicly available auditor’s report. As such, we are delivering on our promise to ensure that our members and their clients are always on the safe side when they use our applications.