Skip to content

Data Security – Cloud and Outsourcing

Data Security – Cloud and Outsourcing

Vanessa Cresswell

Vanessa Cresswell

Click edit button to change this text. Lorem ipsum dolor sit amet consectetur adipiscing elit dolor

Many companies are now completely reliant on the data stored on their network servers, PCs, laptops, mobile devices or in the cloud. Some of this data is likely to contain either personal information and/or confidential company information.

We have a related factsheet which covers the conventional data security considerations.

Here we look at some of the issues to consider when reviewing the security of your computer systems, and how to minimise the risks of data loss within the cloud and where some or all services are outsourced.

Whilst cloud data storage and outsourcing can often be more secure than using internal resources, there are some additional things to bear in mind when some, or all, of your data is not held on-site.

Audit use and storage of personal data

Consider the potentially sensitive and confidential data which is stored in the cloud by your business.

Find out what is happening to data and what controls are in place to prevent accidental or deliberate loss of this information.

Risk analysis and risk reduction

So the key question is – If all or some of this data is lost who could be harmed and in what way?

When that is known, then steps to mitigate the risks of data loss must be taken. Here are some steps which can be undertaken to reduce the risk of data loss:-

  • Ensure that the cloud provider or outsourcer will not share your data with a third party
  • Check in what countries the data will be stored and processed – as this could have Data Protection implications
  • Ensure that you can take local backup copies of your data
  • A data subject has the same rights of access wherever data is being stored, so ensure that a subject access request can be facilitated
  • Try to minimize the amount of personal data stored in the cloud or with a third party
  • What happens if the provider becomes insolvent? Have a contingency plan in place
  • Is the data encrypted – if so have you got access to the keys and who else has access to the keys?

There are many resources available including

https://ico.org.uk/media/for-organisations/documents/1540/cloud_computing_guidance_for_organisations.pdf

How we can help

Please contact us if you require help in the following areas:

  • performing a security/information audit
  • reviewing cloud and outsourcing/third party agreements
  • training staff in security principles and procedures.

Share this with your friends

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn

More to explore

Venture Capital Trusts

Venture Capital Trusts (VCTs) are complementary to the Enterprise Investment Scheme (EIS), in that both are designed to encourage private individuals to invest in smaller high-risk unquoted trading companies affected by the equity gap. While the EIS requires an investment to be made directly into the shares of the company, VCTs operate by indirect investment through a mediated fund.

Read More »

VAT Flat Rate Scheme

The flat rate scheme for small businesses was introduced to reduce the administrative burden imposed when operating VAT. Under the scheme a set percentage is applied to the turnover of the business as a one-off calculation instead of having to identify and record the VAT on each sale and purchase you make.

Read More »

VAT – Seven Key Points for the Smaller Business

This factsheet focuses on VAT matters of relevance to the smaller business. A primary aim is to highlight common risk areas as a better understanding can contribute to a reduction of errors and help to minimise penalties. Another key ingredient in achieving that aim is good record keeping, otherwise there is an increased risk that the VAT return could be prepared on the basis of incomplete or incorrect information.

Read More »

VAT – Cash Accounting

Cash accounting enables a business to account for and pay VAT on the basis of cash received and paid rather than on the basis of invoices issued and received.

Read More »

VAT – Bad Debt Relief

It is quite possible within the VAT system for a business to be in the position of having to pay over VAT to HMRC while not having received payment from their customer. Bad debt relief allows businesses, that have made supplies on which they have accounted for and paid VAT but for which they have not received payment, to claim a refund of the VAT by reference to the outstanding amount.

Read More »

VAT

VAT registered businesses act as unpaid tax collectors and are required to account both promptly and accurately for all the tax revenue collected by them. The VAT system is policed by HMRC with heavy penalties for breaches of the legislation. Ignorance is not an acceptable excuse for not complying with the rules. We highlight below some of the areas that you need to consider.

Read More »