Accurate accounts and iso27001 security certification

July 29, 2013

Small business owners often find the task of bookkeeping a laborious one and they will do almost anything to avoid sitting down for a couple of hours and working on the books. However, without accurate records of the transactions that your company is involved in it is impossible to identify which areas of the business are profitable and which are not. Being certified as having reached a certain standard with regard to information security may sound like something that only large corporations need to worry about but the data that you hold about your company and its customers need to be protected if you are to function effectively and maintain the trust of your clients. People work hard to build up their business and a security breach can mean that all of their work has been in vain. Taking the time to review current procedures is therefore a worthwhile endeavour and if your firm has a chance of gaining recognised certification at the same time then it is surely something that you will want to consider going for. At the very least, your data will be safer after the review.

The best result of a comprehensive review is for your firm to be awarded the relevant certification, which in turn may help it to attract new customers and embark on a period of expansion. As your firm grows, it will have more money at its disposal that can be used to hire an experienced accountant to ensure that your records accurately reflect the financial health of your business. Eventually, a whole team of professionals may be employed to take care of this one task and if they are good at their job, they will save your company more money than it spends to employ them. Along the way, it will be necessary to look at your data protection procedures again and again. This is to make sure that standards do not slip and that the certification your company was awarded is not taken away. Even if you have no ambitions to expand, it is becoming more important to have an effective information safety policy in place to ensure that your existing customers do not have to worry about their details being stolen by a third party.

Company owners that are not familiar with iso27001 security standards will find that there are many consultants who can help them get up to speed. Alternatively, it might be a good idea to do some online research first, just to establish whether obtaining certification is a realistic goal for your organisation to try to achieve. The main points that are addressed by this ISMS standard are discussed at length on many websites so it should be possible to gain a working knowledge of what it is all about if you are willing to spend a little time studying the available material. It is not that hard to ascertain what accounts records a limited company that operates in England and Wales is required to keep but making sure that they are accurate and up to date is a different matter completely. Some people have an aptitude for this kind of work whereas others are simply not capable of applying themselves to the task with enough attention to make sure that it is done properly. If you are in the latter group then outside help is the best solution.

Owners of very small companies may find that neither they nor any of their employees have the necessary time to devote to acquiring information security certification, no matter how useful it might prove to be in the long run. If this is the situation that you find yourself in then, as with the company accounts, it is well worth thinking about hiring somebody from outside your firm to audit the information safety procedures that are currently being followed, if any. However, for obvious reasons you will need to make sure that anybody you take on in this capacity is absolutely trustworthy or else you could end up doing more damage than good to your company's reputation with the local business community. Assuming that whomever you hire is successful then it could be a good idea to keep them on, at least on a part-time basis, to ensure that standards do not begin to slip. A part-time accountant is a good solution for companies that cannot justify hiring anybody on a full-time basis and cannot afford to have a large accountancy firm to take care of their books.