In our latest FAQ, we address a popular question that we hear: do AdvanceTrack’s attained standards ‘mean anything’ to clients?
The simple answer is YES, absolutely. The standards we have been awarded are solid, external assurance that we are being run in a well-managed and responsible manner. Ultimately it means that we protect our customers’ data – and that of their clients – as well as we can, and look to mitigate continuity or security issues.
So, how does it work? We’ll run through the actual standards later, but let us explain how we are audited. An external auditor from the British Standards Institute (BSI) spends several days with us each year.
The auditor goes through all our procedures, risks and controls to make sure we do what we say we do. We currently have five standards (see below) and, whether security, privacy, quality or continuity, they are all risk-assessed.
We identify risks, and then evaluate them in terms of impact on confidentiality, integrity of information and availability of information. We then look to minimise the chance of those risks occurring.
Then we implement controls, and look at the residual risk: is there anything else we can do? Those controls could be as simple as making sure laptops have anti-virus on them – or as complex as managing redundant data centres or updating our business continuity plan.
The external auditor reviews all our controls – reviewing whether we follow them. They’ll take samples and we then demonstrate how we follow things through, including taking action to fix any issues that have arisen.
We’ve now had several audits – our last one was three days with the auditor and they spent a day writing up their findings. The external, independent auditor works for BSI – a very prestigious organisation.
The standards themselves don’t change what we do – but they are a key quality control check for us. In turn, this gives our accountancy clients peace of mind.
ISO 9001 Quality Management
ISO 27001 Information Security Management
BSI 10012 Personal Information Management System
ISO 22301 Business Continuity
ISO 27701 Personal Information Security
If you’d like to find out more about AdvanceTrack and our offerings, please contact us by clicking here.