The relocation industry in particular needs to hold data security in the highest regard. The online portals, mobile apps, and self-serve technology that today’s clients and transferees demand mean a person’s entire life (ID, banking information, home address) is potentially accessible to hackers.
What should you and your relocation provider do to ensure the integrity of such important information? Here are two important items we recommend as crucial to protecting your employees and their relocation data.
1. Conduct a SOC audit
Since 2008, we have participated in an annual SOC 1® (SSAE 16, formerly SAS 70) audit by an independent, CPA-licensed firm. The audit tests our system design, operating effectiveness, and internal controls.
According to Schneider Downs, SOC reports are the “de-facto standard” for using the work of a third-party firm as “a substitute for performing first-hand testing in conjunction with financial statement audits or Sarbanes-Oxley compliance.”
Specifically, the auditor checks:
- The existence and description of internal controls
- Whether these controls are operating with sufficient effectiveness to achieve security goals
2. Try to get “hacked!”
Annually, we also contract with a third-party IT security firm to perform an external vulnerability and penetration test against our network and websites.
If your provider completes similar tests, the testing firm’s report will break down the Critical Items, Areas of Concern, and Potential Problems to keep the framework for protecting data up to the standards you need.
The bottom line is that you should never overlook the importance of third-party and unbiased audits. If your current provider does not undergo any third-party and unbiased audits, be sure to ask how the provider is ensuring proper controls through other means.
It’s easy to connect with experts to help test data security, so make sure it’s not just as easy for your provider—and your data—to be compromised.