Where is the data stored? Can you confirm that all data is stored within Canada?
The data is stored on Microsoft Azure Data Centers hosted in Canada. Specifically, Azure Canada Central and East.
Does my data ever cross Canadian borders?
No, all data is hosted on Azure cloud services within Canada.
Will we be notified if a breach occurs?
Yes, all relevant stakeholders would be notified if a data breach occurs.
What kind of security certifications do we have?
Information Security processes within BDO, are governed by the Information Security Management System ISO/IEC 27001:2013. The BDO portal (portal.bdo.ca) has been ISO Certified.
How long does BDO keep my data?
Data retention periods are governed by the legal and jurisdiction requirements. However, once a user is offboarded, their personal data is removed. Email addresses are kept in the system for logging purposes.
Security around logging in.
BDO Global Portal is based on Microsoft SharePoint and puts email addresses into two categories, Corporate and Social.
Social Accounts
If a client's email is detected by the system to be a 'social' address, it will create an account based off of the social email address and add @ext.bdo.ca to it then send an email to the registering email address containing the User ID and password.
In the case of not having a corporate Microsoft account, each time the user logs in to the portal it will ask them for a one-time code that will be sent to their registered email address.
Corporate Accounts
If a client's email is detected by the system to be a 'corporate' address, it will expect the user to use their corporate Microsoft Account username and password to login to the Portal. No @ext.bdo.ca User Id will be created or password provided as the username and password is managed by the clients corporate IT.
Is my data encrypted?
Yes, the data is encrypted with TLS 1.2 for data in transit and AES256 for data at rest.
Who has access to my data?
From the application point of view, only invited users have access to the data in the BDO Portal via the BDO Portal web application. Access is granted only if the user specifically been assigned with the appropriate role within the BDO Portal application.
Who do I contact to update inaccurate information?
To correct inaccurate information. Please reach out to your BDO Canada Professional contact.
What is BDO's privacy policy?
BDO's privacy policy can be accessed by visiting BDO Privacy Policy.
Who do I contact if I am having an issue?
For IT support:
- Call 1888-236-0009.
- You can also complete the form located at the bottom of this page to send a ticket to our service desk team.
How is access to BDO applications controlled?
BDO staff will invite clients to a specific project. Access to that specific project or 'Portal' is visible in the 'Team Management' section of the Portal. There Portal admins are designated and can add and remove users from that project.