10 Ways We Ensure F&A Information Security

For CEOs and CFOs considering outsourcing, cybersecurity is of paramount importance. Not a day goes by without some news of a major cybersecurity breach. In such a scenario, it is only natural that businesses look for a partner that can be trusted.

At QX, we have been providing outsourcing services for over 15 years now and are a trusted partner for numerous established businesses in the UK and US. As a finance & accounts outsourcing company, we deal with financial information of several businesses. So, for us, the importance of information security cannot be overstated. We go above and beyond to ensure data security. Here are some of the key steps that we take to safeguard our client’s data:

1) We provide a secure and dedicated WFH as well as office space for all of our clients. If we serve competing businesses, we provide separate spaces for each, with access restricted only to employees working on that specific client’s project. Also, for the QX Finance & Accounting Services division, we use dedicated and segregated teams so that each team works only for one client.

2) To ensure that no unauthorised employee or person can enter any dedicated client space or office, we use access cards and biometric logins. As a result, employees can enter only common areas or spaces dedicated for their respective projects.

3) As a business, we sign non-disclosure agreements with our clients whenever sensitive information is involved. In addition, each employee working on a client project also signs a confidential non-disclosure agreement.

4) We use highly secure and controlled systems to transfer and share data with our clients. Data access is restricted on workstations and removable storage devices like pen drives are blocked. Access to email, online storage, online data transfer, and non-work-related sites are blocked using an industry-class firewall device.

5) We also have layers of security in place to prevent data leaks. In the unlikely case of a breach, we have a systematic plan in place to deal with the breach. Till date, we have not encountered any major breach of any of our clients’ data.

6) In order to fulfil UK Government standards, we also comply with and are Cyber Essentials Certified.

7) We are certified by the British Standard’s Institute (BSI) as ISO 27001:2013 Information Security Management compliant. This means that we rigorously adhere to a framework of policies and procedures that are designed to maximise information security.

8) With GDPR becoming an enforceable law, companies holding or processing personal information have a greater responsibility to manage, store, and protect the data. We are fully compliant with GDPR and are certified by BSI as 10012:2017 Personal Information Management System compliant.

9) To protect our systems from cybersecurity threats, we deploy anti-virus and anti-malware software. We also use cloud-based email security to neutralise threats posed by links sent via malicious emails.

10) We restrict the use of mobile phones on work floors – mobile devices are stored in special cabinets outside of the work area. In addition, we have 24/7 manned security and CCTV monitoring in place.

For more details on how we protect our client’s information from cyber threats, please check our Data Security page.

Originally published Sep 18, 2018 03:09:50, updated Jul 23 2024

Topics: Infosec