- Secured File Transfer Protocol (SFTP):
SFTP is the best solution for handling financial reports from one system to the other. As part of IT security systems, it is recommended that your financial printer or disclosure management provider has a Secured File Transfer Protocol (SFTP) system in place. The SFTP system is a secured channel through which filers can share their financial reports. The data is encrypted, which ensures an even higher level of security.
- Employee Background Check and Stringent Disciplinary Policies:
It is imperative that the financial printer has a sound screening process for its employees, including background verification and criminal checks. Employment agreements should also contain clauses stating that all data the employee deals with is highly confidential and that confidentiality must not be breached for any reason. In the event of such a breach, there would also be severe disciplinary consequences.
2. Thwart hidden attacks on in-house solutions
The early years of this decade have seen a trend toward handling SEC compliance using SaaS offerings. Below are the key aspects that you need to keep your eyes and ears open to:
It is of utmost importance to know where your SaaS provider hosts the data, since the financial data is on the cloud. Any issue with data center availability would leave the SaaS platform unavailable for access and use. Popular hosting providers such as Microsoft Azure and Amazon Web Services offer a range of hosting options, like Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), based on requirements, and offer high availability of their data centers. It is advised to check whether your SaaS provider is using a well-reputed hosting option.
- Security Audit Completion
There are several security audits for software and service providers, of which the SSAE 18 is the most stringent. The SSAE 18 security audit is based on standards defined by the American Institute of Certified Public Accountants (AICPA) and focuses on internal control over financial reporting. Tying up with a service provider that has completed the SSAE 18 audit is a big plus.
- SSL certification and Data Encryption Level
It is well known that data is core to financial reporting, and it is important to make sure that it is secured by encryption so as to prevent misuse.
Similarly, hardly a day goes by without news of security attacks on banks, email solution providers or other areas where sensitive data is present. Cloud hacking is no exception. Having an SSL certification in place for the SaaS solution helps to add another layer of security to the SaaS product.
If the financial information of a company is accessible to outsiders, it is imperative to have checks in place to have this reversed. It is very important for organizations to understand how their unpublished quarterly/annual report information is being handled. This starts right from how the documents are sent for XBRL/iXBRL conversion or the manner in which support has access to such classified information.
How can we help?
Our company, IRIS, has over 14 years of experience in compliance reporting and has developed SaaS solutions across various business lines.
We specialize in XBRL/iXBRL reporting and have developed a cloud-based SaaS offering, IRIS CARBON®, that helps companies and partners meet regulatory reporting requirements. Currently, IRIS CARBON® helps filers meet the XBRL/iXBRL reporting requirements in the US (SEC), South Africa (CIPC), Europe (ESMA ESEF), UK (HMRC), Ireland (Revenues) and Italy (Infocamere).