Here’s what it means for you.
Accountants work with highly sensitive data on a daily basis, and their clients trust them to manage this data securely and confidentially. Yet, in 2023, the tools and systems we use to work with this data come from a range of technology providers (based both in Australia and internationally). For the modern accountant, data protection and cybersecurity are crucial aspects of corporate governance and risk management — both for their own firms, and for their clients.
But there is only so much accounting firms can do in-house. With much of their clients’ data being processed on software platforms hosted and designed by external partners, your client data is not just in your hands.
So how can accountants, who are not information security specialists, ensure that their multiple technology partners are taking appropriate measures to ensure data safety?
That’s where ISO accreditation comes in.
Explainer: What is ISO?
ISO, or the International Organization for Standardization, is a global nongovernmental organization comprised of 164 national standards bodies and headquartered in Switzerland. It develops standards to ensure products, services, and systems are of high quality, safety, and efficiency. Being certified for a particular ISO standard demonstrates a provider’s credibility and reliability, and ensures that you, as a customer or client, are protected against risk.
The global standards for information security management systems: what is ISO 27001:2013?
ISO 27001:2013 is the premier global information security management system (ISMS) standard and one of the most popular standards for information security in the world. The standard was developed jointly by ISO and the International Electrotechnical Commission (IEC) to provide a framework for best-practice information security. It comprises 114 security control methods across people, policies, and technology.
Active by Business Fitness is now ISO 27001 certified. But what does that mean for your firm?
Why it matters that your accounting tech providers are ISO certified
An ISO 27001 certification requires that tech providers:
Offer security of information (cloud-based and digital)
Are resilient to cyber attacks
Use a centrally managed framework to ensure all data is managed under a single governance and management process in a secure single location
Are protected against technology-based and other risks
Can actively respond to evolving security threats
Have effective defence technologies in place
Can protect the integrity, confidentiality, and availability of your data
In short, working with an ISO-accredited technology provider gives you peace of mind that your clients’ data is safe. It’s also far easier to comply with your own security standards when your suppliers meet international data security standards.
How Business Fitness protects your information security
Information security is fundamental to the way we operate as a business.
We are committed to ensuring an effective risk-based management system is in place to meet our objectives. This includes protecting Business Fitness’ and our customers’ information assets from a breach of confidentiality, integrity, or availability via a range of people, process and technical controls.
Our system ensures that we have strict security controls for our IT and Development department and across the entire company. Here’s what our ISO accreditation means for your data in the Active platform:
1. Total confidentiality: information is available only to those authorised.
2. Highest integrity: information can be edited only by those authorised.
3. Guaranteed availability: information is accessible on demand to those authorised.
In order to meet ISO requirements and receive our certification, we spent months tightening up our information security processes and developing detailed policy documentation. After months of in-house security work, we underwent an external audit by an ISO-approved certifier and received our certification.
Want to learn more about our security standards?
We are dedicated to keeping your data safe. Our information and cybersecurity practices go beyond our ISO accreditation — to learn more, contact the Business Fitness team today.