In the previous article, which was the first of two parts about data security, we set forth why we believe a cloud-based software solution could be a good choice for your company from a data security perspective.
In this article, we will explore what security features an ideal cloud environment should provide. We also cover a few aspects of security that apply when tasks are outsourced to third parties. Our advice keeps in view the two options that ESEF iXBRL document creation software providers might be offering: a cloud-based solution and the outsourcing option.
Data security on a cloud-based platform
Two-factor authentication
Two-factor authentication is an extra layer of security that requires users logging in to any online system to key in a security token or a PIN in addition to their passwords. The extra layer makes it harder for hackers to gain access to sensitive information even if they do break into a database of passwords.
Secure cloud hosting
Your cloud-based solution must be hosted on trusted platforms such as Microsoft Azure, Amazon Web Services, or Google. These hosting platforms offer very strong data security in addition to application security measures such as data encryption and user access controls, which ensure your data stays within a group of trusted team members.
Private cloud
Find out if your vendor can make the software available on a private cloud, where security aspects remain in your control. A private cloud can allow greater control and customization of systems. However, the one drawback of a private cloud is higher maintenance costs.
Data security when tasks are outsourced
If your company has chosen to outsource your ESEF iXBRL document creation or any aspect of your financial report finalization to a third party, here are a few pointers on keeping your files secure.
A Secure File Transfer Protocol
The most important thing to bear in mind is to never send your financial reports via email, as that would pose a significant cyber security risk. Ensure that your documents are shared via a Secure File Transfer Protocol (SFTP), which offers encryption for the safe passage of financial reports from one system to another.
Who has access to your data?
Find out who at your outsourcing service provider’s end would have access to your company’s data. Find out what the permission levels are. The more people with access, the more opportunities there are for data compromises. Ensure that your service provider has implemented strong security measures and has strong processes in place, which include background checks and contractual agreements with the personnel who will be handling your data.
Security audit and certification
A widely accepted security audit for financial software and service providers is SSAE 18. This audit is based on standards defined by the American Institute of Certified Public Accountants (AICPA) and focuses on internal control over financial reporting. Check for the System and Organization Controls (SOC) certifications of your solution or service provider.
There are data security concerns both around the software solutions you may choose and the services you may avail of. We have set forth a few guidelines on ensuring that your data remains secure, both from a solutions and services engagement perspective. We hope the guidelines will be of help as you decide how best to handle your tasks around ESEF compliance and your broader financial report creation process.
Stay tuned for our next article, which will be a wrap-up of our ESEF Quality Series.