Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

05:51 PM
Connect Directly
RSS
E-Mail
50%
50%

Outsourcing Compliance: are you playing Russian Roulette with your data?

Customers expect their personal data to be protected. So how can companies that handle the confidential customer information outsource certain functions and still ensure that their data is safe? The gold standard for privacy and security practices is the American Institute of Certified Public Accountants' (AICPA) Statement on Auditing Standards, No. 70 (SAS 70).

By Zach McCoy, Kaplan Compliance Solutions

Given the complexity of the compliance industry today, it's more common than not for insurance and securities organizations to outsource a portion or all of their compliance administration to an independent organization. Yet, the headlines are filled with stories of data breaches and thefts from major organizations that did not have proper safeguards in place to protect their customer's personal information.Customers expect their personal data to be protected. So how can companies that handle the confidential customer information outsource certain functions and still ensure that their data is safe?

The gold standard for privacy and security practices is the American Institute of Certified Public Accountants' (AICPA) Statement on Auditing Standards, No. 70 (SAS 70). A SAS 70 certification verifies that a service organization or provider has demonstrated it has adequate controls and safeguards in place when it hosts or processes data belonging to their customers. SAS 70 audit reports are critical to companies who use Web-based software applications (also known as Software as a Service, or SaaS) and are involved in exchanging confidential data. The SAS 70 audit report both documents and attests to the adequacy and completeness of the SaaS vendor's internal controls for protecting data.

Most businesses begin with a SAS 70 Type 1 audit, which assesses whether the SaaS partner's internal controls are fairly and completely described and whether they have been adequately designed to meet designated objectives. SAS 70 Type II audits go a step further to test those controls in operation, such as the processes for assessing risk, managing third-party vendors and ensuring systems security. A SAS 70 Type II audit takes into account even the most basic variables such as how long a computer will remain idle before locking, which helps prevent unauthorized access.

With technology driving today's global financial community, it's crucial that companies have the peace of mind that their data is fully protected and being managed in a way that complies with all industry standards. This is at the core of the SAS 70 certification.

Leave the gambling in Las Vegas. When it comes to the security of your company data, bet on SAS 70 and you'll come out a winner every time.

Zach McCoy is Senior Vice President, Operations & Business Development, Kaplan Compliance Solutions. He can be reached at [email protected]Customers expect their personal data to be protected. So how can companies that handle the confidential customer information outsource certain functions and still ensure that their data is safe? The gold standard for privacy and security practices is the American Institute of Certified Public Accountants' (AICPA) Statement on Auditing Standards, No. 70 (SAS 70).

Register for Insurance & Technology Newsletters
Slideshows
Video