Your Accounting Website Design Can Help Protect Your Clients' Personal Information

Nowadays most CPA or accounting websites come with a secure file transfer system, but are you sure the information you're storing there are genuinely safe? I'm not discussing about the online security here. Your IT specialist will find that stuff straight forward to grade by just examining your website and it's source code. Just make sure the data is properly password protected and encrypted and you're pretty well covered. The weak position in lots of CPA website protection isn't in the information management, it's the physical datacenter that the information is stored on. Datacenters with professional looking websites and first rate code may very well be stored in the basement of a private residence. It takes a physical examination of a datacenter to determine it's real quality, and that can make shopping around rather expensive. You don't want your client's accounting data hosted on a low cost "cheap" datacenter.

I learned this lesson the hard way. I was using a datacenter based out of an office building out in Chicago when an exploding transformer disabled some of my clients' file transfer systems. This wasn't just a brownout. The explosion started a fire that was so close to the room that it the servers were stored in that many of the servers were damaged or destroyed. This incident opened up a huge can of worms for me. I had made a mistake common to code-monkies. I had been myopically focused on the web-based security. I had not adequately considered the importance of the servers physical security! What good was all my hard work on the website and security design if the server it's running on isn't secure?

I shudder to think how much worse it could have been. While "what if" scenarios were rolling around in my head when a worst case scenario made me shudder. These days identity theft is a hugely popular and profitable source of income for a diverse range of criminal elements. It doesn't much matter how well secured the information is on-line if someone can just unplug the server and walk out of the building with it.

This is a pretty horrifying prospect. Not all identity thieves are in India or Russia. There is an increasing number of American gangs getting into the business. I had to address this, and address it fast.

After researching the subject for a few days I determined that the the best datacenters for storing information on your accounting website would be SAS 70 Type II certified. The Sarbanes-Oxley Act requires all publicly traded companies to use SAS 70 Type II Certified datacenters. These exhaustive security audits are administered by the American Institute of Certified Public Accountants and performed by specially trained CPA firms.

Type I certification isn't adequate. Type I SAS 70 certification means a system, process, or firm has been reviewed in regards to it's security at the time that the audit was conducted. The Type II Certification measures and evaluates security over time.

Armed with this information I started shopping around. The difference between these data centers and the ones I had been using was night and day. They were secured in what can reasonably be described as a fortress. The facilities were locked and guarded twenty-four hours a day, seven days a week. They were also equipped with state of the art electronic security, including motion sensors and closed-circuit video surveillance systems. There was no casual access to the site. Only authorized personnel were permitted on site. When I made my choice I went high-end. I found a place that used fingerprint scanners, and nobody gets in without being authenticated by their own prints and a fingerprint from the guard at the front desk.

The information security of your website is not enclosed in your accounting website design. Don't overlook the value of a secured datacenter. Finding a respectable datacenter can be tough but, luckily, someone has already done all the work. Of course I'm a huge fan of SAS 70 certification. The straight forward way to make certain your datacenter is properly secure is to be certain it's SAS 70 Type II certified.

Kenny Marshall is a internet marketer and former Vice President of CPA Site Solutions, one of North America's most successful website firms oriented solely to accounting website design.