How do you handle client data security during the audit process? Some of my larger clients are asking about data protection policies and secure file transfer. Currently just using email and Dropbox but getting the sense this isn't going to cut it much longer. What are you all doing?
Client Data Security in Audit Workflow
Laura, this is becoming more important every year. I switched to encrypted email for sending reports and use a secure client portal for file sharing. Also make sure to password-protect any Excel files with sensitive data. Some clients require specific security protocols so always ask upfront about their requirements.
I've started using Box instead of Dropbox - better security features and audit trails. Also created a data retention policy that spells out how long I keep client information and when/how it gets destroyed. Haven't had anyone ask for it yet but good to have in place.
Don't forget about physical security too. Lock filing cabinets, clean desk policy, secure shredding of printed materials. Had one client audit our office before signing a contract. They were more concerned about paper documents sitting around than electronic security.
Good points all around. I also recommend getting professional liability insurance that covers data security issues. It's not just about protecting the client's information, it's about protecting your business if something goes wrong. The coverage isn't that expensive compared to the potential liability.