Data security is built-in to Current RMS. We designed Current with security in mind, and every update or design decision that we make considers the safety of your data above all else. 

Some of the ways we keep your data safe:

  • Every Current RMS system has a unique subdomain and can only be accessed using valid login details.
  • We’re hosted on Amazon’s AWS infrastructure, trusted by companies like Xero, Trello, and Netflix.
  • Access to Current is via SSL technology only (i.e. HTTPS), establishing a secure connection between your device and Current.
  • We use firewalls and other network access control mechanisms to prevent interference or access from outside intruders.
  • Our servers are physically secure, with military grade perimeter security, strict access control, and automatic fire detection and suppression systems.
  • Our infrastructure is configured with multiple servers in mirror with each other to provide failure resilience. 
  • Our database is encrypted at rest, and all data backups are encrypted and securely stored. 

As well as this, we provide tools that you can use to further enhance the security of your Current RMS system.

We recommend that all users enable two factor authentication for their Current RMS account or enable Single Sign On (SSO) with Google or Microsoft.

Two factor authentication (2FA)

With two factor authentication turned on, in addition to entering your email address and password when logging in, you’ll also need to provide a unique code. This code is generated by an app on your smartphone.

How does this help?

Even if your password falls into the wrong hands, a malicious individual would still require the unique code generated by your device to log in. 

Check whether 2FA has been enabled for each of your accounts in System Setup > Users.

See: Set up two factor authentication

Sign in with Google or Microsoft (SSO)

Instead of signing in with your Current RMS username and password, sign in to your system using your company’s Google or Microsoft accounts. 

If you wish, you may restrict logins to Google or Microsoft accounts so that people must sign in with accounts from those services.

How does this help?

Your company’s system administrator can manage your Google or Microsoft account and set security policies for it, such as enabling two factor authentication or enforcing password policies.

See: Sign in to Current RMS using Google or Microsoft

Admin accounts and roles

Set Roles against your user accounts to determine what people can see and do in your system. For example, you may hide financial information or prevent users from deleting data.

When creating or editing accounts, you may also choose whether those accounts are administrators. Admin users have full access to the system, including access to System Setup and Reports.

How does this help?

Only give your users access to the functions that they need to do their job, limiting the potential for damage – accidental or otherwise. Restrict the number of administrator users on your system to prevent changes, deletion, or exports of your data en masse.

See: Restrict access to parts of the system using roles

Recent active sessions

From System Setup > Users or a user account page in People & Organizations, view recent active sessions to see where an account has been logged in recently and the last action on a particular session.

Keep in mind that the location is an estimate based on internet technologies so might not always be 100% accurate, but it’s still a good general indicator of an account’s whereabouts.

How does this help?

Check a user’s recent active sessions to check for unfamiliar locations or IP addresses, especially if you notice anything suspicious. 

See: View a user account to see actions throughout the system

Reset passwords

Force a password reset for your user accounts in System Setup > Users. Company owners can reset all passwords from this screen, too.

Accounts that you reset the password for are automatically logged out and must follow the instructions in the password reset email to log in again.

How does this help?

If you suspect a data breach at your company, take immediate preventative action by resetting one or all of your user account passwords. Users will no longer be able to log in with their old passwords, meaning any unauthorized users will be locked out.

Action Log

Use the Action Log in System Setup to get a list of key actions taken across your system that you can search and download.

There’s no way to remove actions from the Actions Log.

How does this help?

If you suspect a data breach at your company, check the Action Log to assess and mitigate any potential damage. Crucially, data exports and erases are logged so you can review what’s been impacted.

See: Review all actions across the system using the Action Log

What about GDPR?

Both the Current RMS software/service and Current-RMS Ltd are compliant with EU GDPR. 

Learn more about the tools in Current that can help with your GDPR compliance: Current RMS and GDPR

Still have questions?

Happy to help! Use the green help bubble to start a conversation with us ↘️ 

Did this answer your question?