A CPA carries significant responsibility for managing and protecting clients' personal and financial information. Entrusting another company to host and store that data can be unsettling, because clients must be able to trust that their information is secure at all times.
Let's look at some of the best practices a cloud services provider establishes to deliver security measures that go beyond what most CPA firms can implement on their own.
Integrity of Data Storage
A cloud services provider operates several geographically redundant data centers to keep client data safe and highly available. The standard is 99.995% uptime (roughly 26 minutes of downtime per year) in facilities with fully duplicated (2N, or n+n) power, cooling and network paths. Most in-house data centers do not have the time or resources to meet this standard.
Unlimited Access to Data
Providing a Service Level Agreement (SLA) is a must. The SLA should spell out access, services, support, security and other specifics, including how data is protected and what to expect in terms of accessibility during downtime. The ultimate goal is multiple layers of redundancy so that client data can be recovered and accessed seamlessly whenever the need arises.
24/7 Client Support
A reliable cloud services provider will have a 24/7 support team ready to assist with any technical challenge that arises, with an escalation process in place to ensure a client's issue is addressed quickly.
Minimal Security Risk
There should always be systems in place for firewalls, anti-virus detection, authentication and data encryption, along with routine security audits. The main security risk, however, is unauthorized access to the cloud environment by an attacker. A dedicated cloud support services provider has the knowledge and experience to help clients manage these risks.
Compliant Cloud Environments
A cloud services provider should only entrust data to data center providers dedicated to staying on top of compliance. Relevant frameworks include SOC 1 Type 2 reports (issued under SSAE 16, now SSAE 18, and relied on in the accounting industry), PCI DSS (payment card industry), Sarbanes-Oxley (SOX) and HIPAA. These centers should also undergo third-party audits covering controls over information technology and related processes, policies and procedures.
The security of an organization's client data should always be a priority, especially in the accounting world. It's our job to establish an effective disaster recovery plan that includes fail-safe data centers and automated backup and recovery options with optimal security measures in place.
We are happy to discuss how we meet all the standards mentioned above. Contact us to learn more.