The security of company data, especially unpublished financial data, is a great concern for IT teams, CFOs, and compliance teams.
As more and more financial regulatory agencies around the world mandate the iXBRL format for financial reports, companies under the mandate have two choices for creating their iXBRL reports: create the reports in-house or outsource them to a third party. Either method could expose company data to risk. We take a closer look at how secure your data really is.
Outsourced iXBRL Conversion Service
In order for a third-party company to create your iXBRL document, you’ll need to transmit the financial data to them. From our experience working in the XBRL/iXBRL reporting space, typically issuers send their financial reports to their outsourced iXBRL providers through email. Email is the most insecure method of sending data. Emails are prone to virus attacks and other cyber security risks. Apart from this, humans could also be a point of data misuse. The documents that you send to an outsourced team are handled by multiple team members, any one of whom could intentionally or inadvertently mishandle your company’s sensitive financial information.
How do you overcome this?
Secure File Transfer Protocol (SFTP):
SFTP is the best solution for transferring financial reports from one system to another. As part of IT security, it is recommended that your iXBRL service provider or disclosure management provider has a Secure File Transfer Protocol (SFTP) system in place. SFTP runs over an SSH connection, so the data is encrypted in transit, which ensures a higher level of security.
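One way to make the SFTP hand-off described above concrete, as an added example that is not from the original article: an OpenSSH `sftp` batch upload that uses key authentication and a pinned host key, and ships a checksum manifest with the report. The host, account, directory and file names are hypothetical, and `sha256sum` (GNU coreutils) is assumed to be installed.

```shell
#!/bin/sh
# Added example: hardened SFTP hand-off of an unpublished report (OpenSSH client).
# Every host, account, directory and file name passed in is a hypothetical value.
set -eu

# Write a SHA-256 manifest beside the report so the recipient can confirm that
# the file it processes is the file that was sent (run: sha256sum -c <manifest>).
make_manifest() (
  report=$1
  name=$(basename "$report")
  cd "$(dirname "$report")" && sha256sum "$name" > "$name.sha256" &&
    printf '%s\n' "$report.sha256"
)

# Emit the sftp batch: upload under a temporary name and rename only after the
# transfer completes, so a partially written report is never picked up.
make_batch() (
  report=$1 remote_dir=$2
  name=$(basename "$report")
  cat <<EOF
cd "$remote_dir"
put "$report" "$name.part"
put "$report.sha256" "$name.sha256"
rename "$name.part" "$name"
EOF
)

# Run the transfer. known_hosts must hold only the provider's host key, obtained
# out of band; StrictHostKeyChecking=yes then refuses any other server, and
# BatchMode=yes disables password prompts so only the named key is used.
send_report() (
  report=$1 target=$2 remote_dir=$3 known_hosts=$4 key=$5
  make_manifest "$report" >/dev/null
  make_batch "$report" "$remote_dir" |
    sftp -b - -i "$key" \
      -o BatchMode=yes \
      -o IdentitiesOnly=yes \
      -o StrictHostKeyChecking=yes \
      -o UserKnownHostsFile="$known_hosts" \
      "$target"
)

# Usage: send.sh report.xhtml user@sftp.provider.example /inbound known_hosts id_ed25519
if [ "$#" -eq 5 ]; then send_report "$@"; fi
```

Because `sftp -b` aborts on the first failed command, a rejected host key or an interrupted upload leaves at most a `.part` file on the provider side, never a report under its final name.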
Employee Background Check and Stringent Disciplinary Policies:
It is imperative that you have a sound screening process for the outsourced service provider, including background verification and criminal checks.
Identify Data Access:
Find out who at the outsourced service provider has access to your company data. Find out what their permission levels are. The more people with access, the more opportunities there are for data compromises.
In-House iXBRL Creation
More and more companies are turning toward cloud-based solutions for managing data and creating iXBRL reports. Below are the key aspects that you should assess:
Where does the cloud-based solution host its platform and your data? In what country? Popular hosting providers such as Microsoft Azure and Amazon Web Services offer a range of hosting options, such as Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), and high availability of their data centers. It is advisable to check whether your solution provider is using a reputable hosting option.
Security Audit Completion:
There are several security audits for software/service providers, of which the SSAE 18 is a widely accepted audit for financial reporting. The SSAE 18 security audit is based on standards defined by the American Institute of Certified Public Accountants (AICPA) and focuses on internal control over financial reporting. A service provider with a completed SSAE 18 audit is a plus.
SSL certification and Data Encryption Level:
An SSL certificate is a type of digital certificate that provides authentication for a website and enables an encrypted connection. Having an SSL certificate in place for the SaaS solution adds another layer of security to your data.
Every company is responsible for the security of its data. As financial regulatory agencies around the world continue to make structured financial data reporting (XBRL/iXBRL) the standard, it will be very important for organizations to understand how their unpublished financial information is converted to iXBRL, and what security risks might be associated with the process.
With a presence in over 32 countries, 1.5+ million filers using our solution/services, and 5+ million files processed, IRIS is a global leader in XBRL/iXBRL-based disclosure management. Our 14 years of pioneering experience in the structured data space has culminated in our flagship product, IRIS CARBON®, a cloud-based, collaborative disclosure management platform for issuers.
Augmented by an expert support team of 300+ professionals, our customers enjoy high-quality services and unlimited expert support. IRIS CARBON® is SSAE 18 audited, which assures confidentiality and data integrity while using our cloud-based platform and services.