Every company in market today relies heavily on its information technology systems to meet its operational, financial, and informational obligations. A secured IT system has thus become key to maintaining a secured environment for the company. But with the spurt in outsourcing of vital business processes, which necessitates the handling over of vital IP assets to outsource service providers in the process, this key concern of security has shifted to domains outside the company’s control. The concern of security increases ever more when outsourcing involves key business function like accounting and bookkeeping.
Security breaches of the following nature concern most of the companies outsourcing their bookkeeping operations
> Loss of confidential data.
> Tampering of data.
> Breach of personal data.
> Email intrusion.
A closer look and it can be concluded that information security concerns in outsourced bookkeeping process involve in it, three basic criteria. First, technology. Second, Management and third and most important being the Staff. Barring for the first point of loss of confidential data which encompasses in it all the three criteria, the rest are mostly about management’s policy and staff involved in a process.
Outsourcing of a business process does not necessarily mean the outsource of responsibility. To make the bookkeeping outsource process secured, it is needed that company outsourcing its bookkeeping, first take responsibility of its own security. It is advisable to designate internal focal points and allocate responsibility within the company to ensure proper and smooth functioning of the entire outsource process.
Companies outsourcing bookkeeping should make the vendor’s involvement to ensure resources and fulfillment of its security objectives. Taking the key management into confidence it should develop, implement, and maintain an internal security policy across the vendor’s organization which addresses following issues with relation to afore mentioned three criteria:
1) Management:
i) First it should be assessed whether the vendor has proper security systems in place to take care of client’s security concerns.
ii) Rigorous and regular auditing (physical and electronic) and monitoring process should be put across the organization to ensure proper security systems.
iii) Appropriate back-up systems should be developed to ensure minimum data loss.
iv) Ensure a prompt, effective, and orderly response to security incidents, including, without limitation, information system failures and loss of service or breaches of confidentiality.
2) Technology:
i) Data transfer technology: The data transfer process needs to be secured first. It has to be ensured that secure technology that is user protected and cannot be hacked should be used for all transfer of information.
ii) Work station security technology: The work station should be free of any facilities that provide external hard drives. Similarly restricted use of internet has to be allowed. And use of firewalls protected networks should be ensured.
iii) Employee/visitor surveillance technology: Restricted access based entry/exit, Log in details of the employees and use of CCTV cameras should be encouraged.
iv) Monitoring of security system with relation to technology employed: Periodic review of the entire security system with relation to technology adopted should be undertaken and the client apprised about it.
3) Staff:
i) Proper recruitment policy with thorough back ground checks will mitigate the risk of any person with dubious back ground working for the client.
ii) User authentication by means of a user ID and password is a must.
iii) Frisking of Employees during entry/exit to avoid theft or sneaking in of any external drives.
Outsourcing bookkeeping, doesn’t relieve a company of its obligation of information security rather it brings in more responsibility of gelling in the benefits of outsourced bookkeeping like exponential savings and growth for the company with the organizational goal of proper internal security system and better decision making process.