FAQ-Architecture and Security


Q: How is data secured in Work 365?
A: Please review our Security and Compliance to for security permissions and roles.

Q: What measures are in place to ensure the confidentiality, integrity, and availability of our data?
A: Security is part of our daily life.

  • An annual security audit is conducted.
  • A Pen Test is conducted
  • User credentials are maintained in a password vault.
  • A quarterly PCI scan is completed.
  • Desktops have adequate end point protection
  • An annual DR drill is conducted

Q: Is Work 365 compliant with industry security standards and regulations?
A: Yes Work 365 is SOC2 Type 2 Compliant. To request a report an NDA is required.

Q: How does Work 365 ensure high availability and disaster recovery?
A: Detail your disaster recovery strategy and business continuity plans, including RTO (Recovery Time Objective) and RPO (Recovery Point Objective) targets.


Q: Do you publish is the architecture of Work 365?
A: A component architecture is published in our SOC 2 audit report and can be provided to our customers with an NDA. Work 365 is a Model App with a SaaS backend that supports the Dataverse entities with the billing logic, integrations and automation. Our SaaS components are hosted in our data centers in Azure either in the US or EU.

Work 365 can also be deployed in a private hosted Azure instance outside of our Data centers.

Q: Can Work 365 scale with our business growth?
A: Work 365 can scale with your business needs. For enterprise customers with large billing volumes a private hosted infrastructure can be an option.

Q: Can Work 365 be customized?
A: Yes Work 365 can be customized. Work 365 is built on Dataverse and PowerPlatform. Using customizations best practices the application can be extended to accommodate new fields, forms, workflows, business logic and notifications.

Additionally the invoice dates and enhancements of an invoice can be done through Power Platform customizations.

Q: Are there APIs available?
A: Work 365 provides REST APIs to build a custom Providers that you can use for automated provisioning of your services. Power Platform and dataverse can be used to access data.

Q: Why do I need to consent with a Global Admin Account?
A: Please refer to this article


Q: Who owns the data entered into Work 365?
A: Our users own the data. Work 365 processes the data in your system through an application user. Work 365 doesn't store any identifiable information about your customers in our database.