Office 365 is designed to be secure on all fronts. Exchange Server blocks 100% of known malware and significantly reduces spam. Office 365 Threat Protection capabilities help defend against dangerous attachments, malicious links, and new malware. ​ In addition, we use the latest threat intelligence and security management capabilities, which alert the Manager to suspicious behavior and provide AG2 and its customers with actionable insights into global attack patterns. ​ Regardless of the Office 365 process, all files received and sent are moved to the AG2 server where they go through two virus-checking processes before being sent to or received from clients. If AG2 detects a virus in a client email, an escalation process is triggered to talk to the client urgently.

All the information that is received and handled in AG2 is classified based on information retention policies, data classification policies and security policies. ​ AG2 intensively uses Office 365 data loss prevention tools, allowing all information handled by AG2 to be assigned a sensitivity classification. This allows us to control access to information. ​ Rights management capabilities built right into the Office applications and service allow users to securely share documents and send email so that only those with the correct permissions can access the information. ​ We use the Microsoft Compliance Manager platform, which allows us to have detailed information on compliance with data protection and threats, including spam, malware, viruses, spoofing attempts, malicious links and other threats. This includes: • Microsoft Exchange Online Protection • Office 365 Advanced Threat Protection • Office 365 Cloud App security: Information access from other platforms to your information is monitored by Office 365. • Office 365 Threat Intelligence: This allows us to detect any non-standard use of our information and analyze to take timely action.

Since all data that enters AG2 is classified, we can ensure that such data is only deleted following data retention policies. Thus, you can be sure that, if necessary, AG2 has a backup of your information for the statutory period of at least 10 years back. ​ We have a data retention process initiated for regulatory reasons. If our client tells us not to destroy any data due to a request from a regulator, etc., we can block said information and retain it indefinitely.

All the information in AG2 has a security copy and a backup. ​ 1. Office 365 Backup: All information from Exchange, Onedrive, Sharepoint, Office 365 Groups, Skype for Business is automatically recorded by Office 365. However, as it is a process without errors and the Office platform 365 was robust, AG2 decided to go further, as we realized that the information reintegration process was taking much longer than we were willing to expect. ​ 2. Office 365 PAAS Backup: We contracted and we have another provider that does the backup automatically via a PAAS platform (Platform-as-a-Service) in the cloud, backing up the information encrypted on Amazon AWS servers. This backup allows us to restore a lost email, file or contact in less than 10 minutes. All information is encrypted and authenticated by services with cloud providers. ​ 3. SQL Database: We exclusively use a database “as a Service” in the cloud with Microsoft Azure. Any update on the AG2 server does not affect the data of our clients. All databases are backed up daily, and we have backups as follows: ​ 30 files – daily backup, last 30 days. ​ 12 files – monthly backup, last 12 months. ​ 10 files - annual support, last 10 years. ​ 4. Automation server: The automation server undergoes a daily backup process. At the same time, the server does not allow the installation of any unapproved software, and its access is exclusively via APIs. Operational Program Servers: Those services that AG2 operations have to use, including for example Contpaqi, are installed on separate servers. If a server stops working, the control process is simply to turn it off and on again, without worrying about making a backup, since the client information is segregated.

Your information and the privacy of your data is a priority issue at AG2. We have the means and controls on sensitive data and we do not use your data without your prior approval (including advertising purposes). ​ Our modern processes allow us to meet European GDPR compliance standards. Your information and the privacy of your data is a priority issue at AG2. We have the means and controls on sensitive data and we do not use your data without your prior approval (including advertising purposes). ​ Our modern processes allow us to meet European GDPR compliance standards.

All solver for AG2 has continuous training of company processes, procedures and policies. At the same time, for each new process and/or client, its implementation and flow is prepared. These new flows are also subject to annual training.

All operational processes have a written procedure, operational flow in Visio and publication in the solver portal. All processes that do not have specific customer data are available for consultation at our facilities, which can be extended to your external auditors and/or reviewers. Procedures and processes with specific customer data can be shared after review by our compliance officer.

Before signing any contract, we make sure that we will be able to fulfill our commitments in a timely manner. A business approval committee meets to ensure that operations, customer service and technology are aware of the specific needs of the company, give their approval to the hiring of this, and mainly, confirm that the agreed control structures will be implemented. .

AG2 was designed with the contingency of processes and services in mind. We do not have physical servers. Our phone system is virtual. All information is in the cloud. ​ We can change offices from one day to the next, so, in the event of a natural disaster or situation in our facilities, the entire company can work remotely, either on company computers (all employees have laptops) or from personal computers, smartphones or tablets. All in less than 2 hours. We have 2 alternate access offices in Mexico City, more than 15 kilometers away from our office in Paseo de Reforma. ​ The contingency process also includes our dependence on the cloud. All our servers are replicated in 3 different regions in the cloud, both in different geographies and providers. If the Microsoft server in Virginia has problems, we have a server in London with Amazon and another in California. How are you?

For your peace of mind, all relevant processes in AG2 have a maker and checker process. We know that even though we have the best professionals in the sector, an error can occur. These errors are detected through a second level of review, ensuring that we deliver information with the level of security that you require. ​ Now you can sleep peacefully.

Every new relationship is assigned a resolver from the implementation team, who is responsible for ensuring that your company is structured and configured in the way we promised.

AG2 está comprometido con salvaguardar la información y ofrecer servicios que garantizan el cumplimiento de objetivos específicos para la seguridad de la información, ciberseguridad y protección a la privacidad en cuanto a la confidencialidad, integridad y disponibilidad de la información a través de un sistema de gestión de seguridad de la información en los servicios de contabilidad general y financiera que incluyen registro contable, conciliaciones bancarias, preparación de estados financieros, análisis financiero, elaboración y revisión de informes, cumplimiento normativo ante entidades regulatorias, servicios tributarios, elaboración y validación de documentos en XBRL, servicios para mercados de capitales, gestión integral de nómina, automatización de procesos, servicios para SOFOMES, y consultoría y asesoría financiera, a fin de garantizar la información, salvaguardar la vida humana, proteger el ambiente, los activos de la empresa y de las partes interesadas; mediante el liderazgo de la Alta Dirección y la asignación de recursos como estrategia prioritaria y buscando la mejora continua, y en cumplimiento las leyes, normas y aplicaciones contractuales que la empresa tiene como obligación. Ver política completa aquí: