In the previous three blogs of our SaaS series, we considered why a SaaS (Software as a Service) solution is better suited for your ESEF XBRL compliance than an on-premise solution; what financial benefits SaaS offers; and what security features an ideal SaaS solution should provide.
Our latest blog is about the business-related concerns an ideal SaaS solution should address with regard to your compliance. Read on…
Where will your data reside?
Where your SaaS vendor will store your data is the first thing you should find out when choosing a solution. You may be concerned about regulatory complications arising from your data being stored outside a specific country or region. This is a greater concern when the data is meant to be part of regulatory filings. It would help to look for a solution that ensures the security of corporate and personal data per the EU’s General Data Protection Regulation (GDPR).
Platforms such as IRIS CARBON® are thoughtfully hosted in multiple geographies to cater to global customers. For instance, a company in Europe will access a platform hosted in the EU region and a company in the US will access a platform hosted in the US.
Business Continuity & Disaster Recovery
One of the primary advantages of opting for a SaaS solution is the provision of business continuity and disaster recovery features.
Although most SaaS vendors nowadays have their software hosted in multiple data centers dispersed across a country or region, you need to ensure there are systems in place to deal with a business disruption on the vendor’s premises.
Regulatory compliance solution providers like IRIS CARBON® have a well-defined and audited business continuity plan which enables even their support teams to operate remotely and work without interruption.
Data backup and retention
Compared with on-premise hosting, cloud-based hosting allows you to back up and retain your data for a longer period of time. This advantage becomes significant when you use a SaaS solution for regulatory compliance purposes.
Before finalizing your SaaS vendor, check whether the vendor provides data backup and retention, and whether it is automatic, regular, and encrypted. Data backups also aid the business continuity and disaster recovery process.
IRIS CARBON® has an automated and regular data backup facility, and the backups are stored with encryption.
Risk Assessment
Since SaaS moves all business processes online, it is of prime importance to do a risk assessment. Risk assessment can help identify vulnerabilities that lead to cyber-security threats such as data breaches. Does your SaaS vendor conduct risk assessments? What does the vendor do when risks are identified?
Globally-used platforms like IRIS CARBON® conduct regular risk assessments and follow a well-defined risk management policy to address the risks identified. IRIS CARBON® does not just identify risks, but also assesses the threat perception and devises an action plan to mitigate the risks. What’s more, IRIS CARBON®’s risk management policy also goes through the SOC audit process.
Certifications and standards compliance
Although SaaS companies undergo several audit and certification procedures, it would help to ask for evidence of such certifications while choosing a SaaS solution for regulatory compliance. For instance, when looking for a SaaS vendor for your XBRL | iXBRL filing requirements, make sure the software/application is XBRL International Inc. (XII) certified and SSAE 18 SOC certified. You also need to ascertain that your vendor has a set of policies and procedures on how to manage customer data. Compliance with international standards such as ISO 27001 ensures that the vendor has such policies and procedures in place and that they are audited regularly.