Data Security Policy

This policy outlines Albany City Bookkeeping Services' (ACBS) standard procedures for managing financial data and computer security. It is to be used as a guide for staff, sub contractors, and clients of

Computer Maintenance

• Ensure a firewall is installed and active.
• Ensure antivirus is installed, up to date, and active.
• Ensure windows updates are enabled, and that the operating system is up to date.

Passwords

• Do not write passwords down.
• Do not use the same password in more than one place.
• Use Keepassx to store your passwords.
• Any passwords pertaining to a client belong to that client. When a password is disclosed to an agent of ACBS, it is taken to have been disclosed to ACBS.
• Do not disclose passwords pertaining to a client to any third party. This includes the client's tax consultant.

Encryption

Encrypting financial data at all times may seem tedious and impractical, however it is absolutely essential. Whilst MYOB or Quickbooks data can be protected with a password, many programs are freely available which can instantly remove the password protection from a data file.

When storing financial data on your own computer, a clients computer, or on a thumb drive, the financial data must be placed in an encrypted file container. Creating such a container is a very quick and simple process, which only needs to be done once. Follow this tutorial. A 1gb file container will generally be large enough for a client data file and a number of backups.

The MYOB or quickbooks data file does not need to be removed from the container to be accessed. Backups can be saved directly to the container. When transferring data between computers or onto a thumb drive, the entire container must be transferred. Albany City Bookkeeping Services operate a secure file server, accessible from our website. Data stored here is encrypted both during transmission and in storage, therefore individual files from within the container may be transferred rather than the entire container.

Storage

Financial data should never be stored in an unencrypted location.

Transmission

• Do not email data files.
• The only secure method of transfer endorsed by ACBS is to and from our secure server.
• Additional login's to a client's folder can be generated. For example, to provide access to the client's tax consultant.

Backups

Any time changes are made to a financial data file, a backup must be made. Both the backup and the raw data file should be uploaded to our secure server at that time. Recent backup's should be kept on the original computer. As there is no practical size constraint for our secure server, backups should not be deleted from there.