Armed with a
Most accountants simply aren’t experts in security systems and protocols, cloud-computing contracts, and compliance requirements. That’s generally not part of the job.
There’s no need to worry, however. While they might not be experts in security, accountants can be empowered to do their due diligence in helping their companies choose the best cloud vendor for their security needs.
Trusting a vendor with your data doesn’t have to be frightening. Just ask these eight cloud security questions before signing any contract. These questions are important and matter to your stakeholders, customers, and your organization’s bottom line.
- What certifications do you have? Federal vendors should be certified in FedRAMP and commercial vendors must have SSAE 16 with SOC 1 or 2. Remember, SOC 1 is for financial system security controls, while SOC 2 is for system-based controls.
- What compliance standards do you meet? Find out if they meet National Institute of Standards and Technology (NIST) standards and what their ratings are. For instance, GCE is rated to secure moderately sensitive data, such as personally identifiable information and banking information.
- What is your backup plan in case of disaster or failure? Ask how their employees are trained to protect data, including the procedures and how they are enforced. These plans should be redundant and include backups of data in multiple locations.
- Where are your data centers located? Some companies need their data to be housed in the United States to avoid penalties or breaking the law. It’s also a good idea to scope out the data centers with a scheduled visit, which any quality vendor will allow. Find out if the vendor has tier 4 data centers, which feature built-in redundancies, and how many other companies use the centers.
- What happens to your data when the relationship ends? It’s important to know how you will get your data back when the contract and relationship conclude. The privacy agreement should also specifically outline how the vendor will protect your data and explain what happens if that agreement is violated.
- What kind of uptime does your SLA guarantee? Cloud providers should be able to ensure 99.9% uptime of your accounting system. Check to see what their ensured uptime is according to SLAs. You’ll want to have uninterrupted service in the event of a breach. Be sure to ask about backup centers.
- Do you integrate with other providers, and what are your security requirements? Many vendors have partners that they’ve signed agreements with in order to protect shared data. It’s a good idea to inquire about the requirements, certifications, locations, and disaster preparations of those vendors.
- Who can access the data? Ask about how access to the data is secured and separated to prevent other companies from viewing your data. Ask about security audits to help protect your data from a security breach or hackers.
Not all cloud accounting providers are created equal. To make sure you are making the best, most secure choice when evaluating vendors, make sure to ask the above cloud security questions.
Even though accounting experts are probably not experts in IT systems or security practices, you should still feel confident that your provider IS an expert. Empower yourself to know more about security practices and systems, which will help you have a more meaningful conversation with your potential provider.