Skip to content

Data Security – Cloud and Outsourcing

Data Security – Cloud and Outsourcing

Vanessa Cresswell

Vanessa Cresswell

Click edit button to change this text. Lorem ipsum dolor sit amet consectetur adipiscing elit dolor

Many companies are now completely reliant on the data stored on their network servers, PCs, laptops, mobile devices or in the cloud. Some of this data is likely to contain either personal information and/or confidential company information.

We have a related factsheet that covers the conventional data security considerations.

Here we look at some of the issues to consider when reviewing the security of your computer systems, and how to minimise the risks of data loss, within the cloud and where services are outsourced.

Whilst cloud data storage and outsourcing can often be more secure than using internal resources, there are some additional things to bear in mind when some, or all, of your data is not held on-site.

Audit use and storage of personal data

Consider the potentially sensitive and confidential data that is stored in the cloud by your business.

Find out what is happening to that data and which controls are in place to prevent accidental or deliberate loss of this information.

Risk analysis and risk reduction

The key question is – if all or some of this data is lost who could be harmed and how?

Once that question has been answered, steps to mitigate the risks of data loss must be taken. Here are some steps that should be undertaken to reduce the risk of data loss:-

  • ensure that the cloud provider or outsourcer will not share your data with a third party
  • check which countries the data will be stored and processed – this could have data protection implications
  • ensure that you can take local backup copies of your data
  • a data subject has the same rights of access wherever data is being stored, so ensure that a subject access request can be facilitated
  • try to minimise the amount of personal data stored in the cloud, or with a third party
  • what happens if the provider becomes insolvent? Have a contingency plan in place
  • is the data encrypted – if so have you got access to the keys and who else has access to the keys?

There are many resources available including:

ico.org.uk/media/for-organisations/documents/1540/cloud_computing_guidance_for_organisations.pdf

How we can help

Please contact us if you require help in the following areas:

  • performing a security/information audit
  • reviewing cloud and outsourcing/third-party agreements
  • training staff in security principles and procedures.

Share this with your friends

Facebook
Twitter
LinkedIn

More to explore

Running a Limited Company

Research and development (R&D) by UK companies is being actively encouraged by the government through a range of tax incentives. The government views investment in research and development (‘R&D’) as a key to economic success. It is therefore committed to encouraging more smaller and medium sized (‘SME’) companies to claim R&D tax relief.

Read More »

Narrative Reporting

The National Minimum Wage (NMW) and National Living Wage (NLW) are the legal minimum wage rates that must be paid to employees. Employers are liable to be penalised for not complying with the NMW and NLW rules. HMRC is the agency that ensures enforcement of the NMW and NLW.

Read More »

Data Security – Data Protection Regulation – Ensuring Compliance

Due to the introduction of new accounting standards, commonly referred to as ‘New UK GAAP’, the form and content of company accounts has changed. The changes for non-small companies took effect for accounting periods beginning on or after 1st January 2015. In many instances companies will now show a different bottom-line profit or loss and a different total for net assets on the balance sheet.

Read More »

Data Security – Data Protection Regulatory Framework

Due to the introduction of new accounting standards, commonly referred to as ‘New UK GAAP’, the form and content of company accounts has changed. The changes for non-small companies took effect for accounting periods beginning on or after 1st January 2015. In many instances companies will now show a different bottom-line profit or loss and a different total for net assets on the balance sheet.

Read More »

Accounting Records

Due to the introduction of new accounting standards, commonly referred to as ‘New UK GAAP’, the form and content of company accounts has changed. The changes for non-small companies took effect for accounting periods beginning on or after 1st January 2015. In many instances companies will now show a different bottom-line profit or loss and a different total for net assets on the balance sheet.

Read More »

A Limited Company Tax Guide: Everything You Need To Know

Limited companies enjoy a large number of deductions from your taxable turnover. You can deduct the costs of running your business (including salaries) from your tax bill. Mileage, training, and accommodation also count. However,  expenses must fall into the category of being “wholly and exclusively for business purposes.” So, if you use your weekend training trip as a family weekend away, you need to sort your expenses carefully.

Read More »