Q: How would my practice begin working with AdvanceTrack?
A: Initially we have a fact-finding meeting. It’s effectively the first – and one of the most important – tasks. It’s vital for us at AdvanceTrack to know how your accounting practice works, and for whom. We are well-versed at getting down to the important details quickly! There are a whole host of questions but, essentially, we ask about the practice’s structure, processes and technology stack.
The next part of the fact-finding mission is also very important. We ask: “what problem do you think we’re going to solve for you?” This is all about getting to the heart of whatever issues or tactical aims the practice views us as being the solution for. Sometimes we can see a clear path for us to help, but on occasion, we might have to explain why another option may be best for the practice to pursue.
The issues we’re confronted with, though, usually fall into two buckets: your firm is either in the midst of having difficulties in maintaining service for the clients; or the firm has growth plans and requires our flexible capacity to help it scale.
It’s ‘nicer’ to be able to methodically plan and support growth, but we understand that things aren’t always that straightforward.
If a firm’s processes and tech are in a sufficient place for us to be able to link well, then we look at the strategic needs and provide advice on whether we think an outsourcing or offshoring solution would work best. The former is structured around us completing a set amount of work on behalf of a firm in a set timeframe, whereas the latter is about the provision of dedicated offshore team members to work with that firm full-time. It is an important decision, and a decision made carefully between us and the firm’s leaders.
Whatever the route, we would always say that the next step is about communication between the firm, our technical team and us at head office. This would certainly be front-loaded to ensure that things are working smoothly.
Q: How secure would my client data be if I worked with AdvanceTrack?... How rigorous is your security?
A: There’s a very straightforward point at which to begin this answer: as MD of this business I want to be able to sleep soundly at night. As a consequence, we’ve created processes and technology that allow us to be satisfied that we’ve done everything realistically possible for our organisation to demonstrate that we look after clients’ data in a secure manner.
In terms of testing the rigour of our processes, we have a multitude of certifications that provide external assurance. These include ISO 27001 and ISO 27701, which cover information security management and privacy information management respectively. Our people, and the way in which we work, are audited every year to show what we’re doing and prove that the information is safe and secure. It also covers situations where there is a problem and how we look to resolve it.
We share information between us and accounting practices through ‘the cloud’, and we have very secure ways of maintaining security levels.
Of course, you’re only as secure as the people you work with. Our teams are trained to be sensible with how they deal with information – we also have failsafe access restrictions… even I can’t access everything. There are physical security protocols too – such as the banning of camera-enabled phones in the office.
Q: Do AdvanceTrack’s data and security standards matter to me as a client, or potential client?
A: The simple answer is YES, absolutely. The standards we have been awarded are solid, external assurance that proves we are being run in a well-managed and responsible manner. Ultimately it means that we protect our customers’ data – and that of their clients – as well as we can, and look to mitigate against continuity or security issues.
So, how does it work? We’ll run through the actual standards later, but let us explain how we are audited. An external auditor from the British Standards Institute (BSI) spends several days with us each year.
The auditor goes through all our procedures, risks and controls to make sure we do what we say we do. We currently have five standards (see below) and, whether security, privacy, quality or continuity, they are all risk-assessed.
We identify risks, and then evaluate them in terms of impact on confidentiality, integrity of information and availability of information. We then look to minimise the chance of those risks occurring.
Then we implement controls, and look at the residual risk: is there anything else we can do? Those controls could be as simple as making sure laptops have anti-virus on them – or as complex as managing redundant data centres or updating our business continuity plan.
The external auditor reviews all our controls – reviewing whether we follow them. They’ll take samples and we then demonstrate how we follow things through, including taking action to fix any issues that have arisen.
We’ve now had several audits – our last one was three days with the auditor and they spent a day writing up their findings. The external, independent auditor works for BSI – a very prestigious organisation.
The standards themselves don’t change what we do – but they are a key quality control check for us. In turn, this gives our accountancy clients peace of mind.
ISO 9001 Quality Management
ISO 27001 Information Security Management
BSI 10012 Personal Information Management System
ISO 22301 Business Continuity
ISO 27701 Personal Information Security
Vipul Sheth is founder and MD of AdvanceTrack.
If you’d like to get in touch please email email@example.com