A couple of years ago it was the UK Government and Sony that lost large amounts of data. At the start of this year, Human Resources Canada failed to ensure the security of nearly 600,000 people’s data and now faces a plethora of lawsuits, full story found HERE.

Understanding how safe your data is has to be very important. There can be the tightest data protection and confidentiality clause in the commercial outsourcing contract but if the business processes are not in place to protect access to data, then there could be breaches. These processes are equally applicable internally as well as with the outsourcer. Business processes to protect data are just as important as the application security. I have frequently seen the most robust application security bypassed by an individual accessing personal data, downloading it and then emailing it as an Excel attachment insecurely over the open Internet. There have also been cases where outsourcing has taken place off shore and data has been sold to third parties by unscrupulous employees.

Some simple tips to compliance in both application software and business process are as follows:

Applications

Data access by a user must be defined and only made available to those that need it in the course of business. Employee data would normally be restricted to the HR department, Payroll department and in some cases Line Managers if there is developed responsibility of management. The application software must therefore have good enough role based permissions to enable this segregation.

An application should be able to generate passwords that are up to 12 characters in length and contain alpha, numeric and symbols. The passwords should always be encrypted in the database and not available for developers to view. They should ideally be changed every 3 months.

The application should also enable you to configure the password policy to comply with your own standards.

Unless an employee has given their specific written permission in Europe, data cannot be shared cross border, for example an HR manager in France should not be able to see any Italian employees’ data unless it is vital to conduct business. The application software should therefore be able to restrict this. Does the application allow you to elect where data is physically located?

Ideally if data can be exported this is restricted by specific roles in the user permissions and there is also a facility to encrypt exported data quickly and simply if it does need to be emailed.

True data security needs non repudiation; this means that the user accessing an application is recognised by the software. This could be in the form of a client side certificate whose credentials are exchanged with the server side application or a token that is generated by an external device. Banks often use this approach. Applications that do not have client side security and use open SSL are not safe.
Software should be able to log every user action and transaction so there is an audit trail. Do you as a customer have access to this information?

Business Process

Each business transaction should be defined and ideally controlled by business process management software. Every process should be subject to audit on a regular basis.

High risk transactions should always be subject to dual sign off which again is tracked and auditable.

If organisations outsource their HR and Payroll they must perform sufficient due diligence on the data security provisions that suppliers provide. Do they offer the flexibility to comply with password policies and data protection law?
Organisations should also have the confidence that a supplier will continue to adhere to these controls.
Ensure that both commercial contracts and employment contracts create accountability and responsibility for data control.

Remember if you do not make it safe it will not be safe…

True Cloud

True Cloud HR and Payroll solutions provide suppliers with the capability to provide the technology and security that is vital within today’s world. Organisations should no longer underestimate the cost of poor security measures for their sensitive HR and Payroll data.

Keith Lockyer
Head of Infrastructure
Acrede

As many global HR and Payroll providers advertise their technology as cloud, why is this important for organisations looking to reap the benefits of a global HR and payroll solution?

The first thing organisations should assess when looking for a global HR and Payroll solution is whether a provider is just jumping on the bandwagon by claiming that their solution is cloud, when in reality it isn’t.
For HR and Payroll, a truly cloud based solution offers many benefits to an organisation that traditional technology can only aspire to achieve. And cloud technology is fundamentally different to traditional technology so organisations that do want to invest in providing a true cloud solution essentially have to start again and build a new solution from the ground up. Cloud technology is not just Software-As-A-Service (SaaS).

Rapid deployments
Being truly cloud means that providers are able to deploy their technology rapidly, which ultimately cuts implementation times down significantly, therefore improving their pricing model. Rapid deployment also means that not only can live instances be deployed quickly but also any test instances. So if a new instance is needed to allow clients to view a new release, for example, providers are able to quickly and easily create sandbox sites which clients can access to see exciting new features.

Deployment anywhere
A true cloud solution also enables a provider to offer a choice as to where their instance of the global HR and Payroll solution is deployed. Naturally providers will host the solution on a client’s behalf but being true cloud, providers can also offer clients the option to host the solution on their own infrastructure. Clearly if an organisation has already invested in infrastructure which can support a virtualised environment, there’s little point in investing separately in infrastructure when true cloud providers can offer the ability to utilise existing investments.

It’s not a black box – clients get access to the technology
A cloud solution essentially means that it is accessible over the internet. The solutions are also designed to be used by clients. Traditional payroll outsourcing solutions offer a ‘black box’ approach whereby clients send data to a provider and from that point have no visibility of the data until the payroll has been run.

True cloud solutions enable clients to use technology to maintain their data, enabling them to remove the unsecure spreadsheets, emails and pieces of paper. Clients have absolute visibility of their data throughout the entire HR and Payroll process – they are even given the option to maintain ownership of their payroll and simply pay a license fee for the use of the global HR and Payroll technology.

Scalability – up and down
The flexibility that true cloud gives providers means that they can quickly and easily scale their solution to suit the changes within a client’s business. Traditional solutions, particularly on-premise, limit a provider’s ability to scale up and down in-line with a client’s global headcount and country coverage.
The fact that true cloud solutions offer rapid deployment also adds to a provider’s ability to scale.

Segmentation of data
Clearly HR and Payroll data is as sensitive as it gets. Traditional global HR and Payroll solutions have typically been built around a single shared database. Strict controls within the solutions are therefore critical in ensuring that clients do not have access to data that is not theirs – but given the fact that multiple client data is held within the same database, there is always a risk. Added to this, reporting solutions that a provider has available are also limited – a provider can’t give a client full access to data when other client data is held within the same database.

True cloud solutions enable providers to segregate data into client specific technology and data stacks. This provides a physical segregation of data. True cloud providers therefore supply clients with the power over and ownership of their data whilst retaining all of the benefits of multi-tenancy and on-demand software.

Nick Bland
COO
Acrede HR & Payroll Solutions Limited

Maximise value and reduce risk by extending compliance into your internal business processes…

The value that can be reaped for an organisation in outsourcing global payroll often comes from the advancement of efficiencies within three key areas namely compliance, control and cost-management.

A single contract with a supplier who has proven experience of delivering solutions using an approach that is repeatable and reliable means that organisations can inherit the inbuilt controls – both for the transition of a payroll to the new supplier and for the on-going processing of the payroll.

Compliance
For organisations that process their country payrolls in-house, the risk of non-compliance can be extremely costly due to the high penalties which are levied. Higher risk is often found in territories which are unfamiliar for an organisation’s headquarters, where they are typically not aware of the changing world of regulation – and for some countries, the rules can change on a quarterly basis.

Control
As payroll evolves through an organisation’s expansion, standard payroll processing is unlikely to be a line-item on the expansion plan. This leads to payroll processes and the information relating to payroll being inconsistent within the organisation’s footprint. Decentralisation of control then leads to inefficient processes and a lack of consolidated information – which is critical for effective decision-making.

Added to this, once the inconsistent network of payroll services are in-place, any global standardisation initiatives are a major undertaking, particularly without readily available ‘know-how’ relating to country specific requirements.

The time needed to manage the complex business of paying their global workforce on time and accurately also takes organisations away from their core business. It demands not only time but considerable investment in people, process and technology. And without synergy across countries, the hope of central global payroll information can be nothing but a long-term aspiration.

Cost-management
Without consolidated information, organisations are not aware of the real cost of payroll both in-terms of their headcount but also the cost of processing payrolls. The issue is compounded when organisations continue to expand, as the cost of payroll expansion is rarely known at the outset.

Extending the value
The value of outsourcing within payroll is increasingly understood as organisations face the on-going challenges of delivering global payroll using a disparate and high risk approach. However, even with an experienced supplier at the helm to mitigate the risks and assist an organisation to realise some of the benefits, organisations still do not attain the significant value that outsourcing their global payroll has to offer. The primary reason for this is that global payroll solutions do not address the challenges found within the organisation’s internal processes and controls.

True, standard process is a critical element in providing a consistent, repeatable and reliable service. However, the payroll process used when outsourcing a payroll only cares for the steps once the data has been provided to the outsourcer. No solutions are made available to organisations to enable them to drive the same standardisation and compliance into their own internal processes.

Typically the majority of the HR data which is needed for payroll processing is held within an organisation’s ERP with other critical information, which isn’t naturally held in an ERP, managed using a combination of spreadsheets and unstructured documents. Where investment hasn’t been made in an ERP, data is often held in a combination of structured and unstructured formats and is rarely centralised for multiple countries. The solutions offered by the majority of the global payroll providers do nothing to address the improvements needed in the management of the data prior to it being provided for payroll processing.

The inherent issue in the management of data in this random and poorly defined way presents high costs of inefficiency, as well as a high risk on data transfer. Data is usually stored and transferred without a concern for adherence to compliance controls. Individuals still underestimate the risk of transferring information over email, thinking that all internal email is secure without considering emails which leave the organisation’s firewall. Faxing of documents is also still common practice demonstrating the risk of information falling into the wrong hands. In the UK alone, the Information Commissioner’s Office can issue fines of up to £500,000 and prison sentences for breaches of the Data Protection Act. Clearly the reputational cost can be much higher.

Essentially, any management of information outside of a secure system will present risk. The sensitivity of payroll information warrants a solution which mitigates the risk placed on an organisation. So the same vigilance that is implemented for the management of data by the payroll provider is not typically extended into an organisation.

Providing organisations with technology to enable them to securely manage information, which is not already mastered within their own system, allows an organisation to extend the benefits of outsourcing – namely compliance, control and cost-management. Improving the current state for the management of payroll information through standard, repeatable and reliable technology and process enables an organisation to maximise the value of outsourcing their global payroll.

Sticking to the current state for the management of information, whilst outsourcing global payroll, simply addresses some of the challenges that an organisation faces – it does not use the initiative to drive far greater value into the organisation.

Acrede believes in providing organisations with technology and services that enable them to effectively deal with the challenges of global workforce management and payroll delivery.

Acrede’s true Cloud technology enables organisations to maintain their HR and payroll data directly within the easy-to-use user interface. This means that organisations can maximise the value and simply their internal processes by centralising data into a single, secure and compliant database. The need for the management of data outside the central database becomes redundant – therefore removing risk and streamlining processes.

Nick Bland
COO, Acrede

Through many years of delivering global payroll technology and services, Acrede’s team have a very thorough understanding of the global payroll industry and the models provided by ‘global’ payroll providers. Indeed, Karen Paterson, Acrede’s founder and CEO, was instrumental in identifying and implementing the first solutions for multinational organisations who were looking for a business model to address the challenges of managing and paying their global workforce.

Back in 2000, with the uptake of the internet into global HR and payroll, technology at the time afforded single contract providers the ability to offer technology solutions that facilitated the transfer of electronic information through workflow. This enabled payroll information to be exchanged in a relatively secure way between clients, aggregators, and in-country payroll providers. This was the foundation of the aggregator model.

Simply put, the aggregator model enables a single global provider (aggregator) to offer a single contract solution to a multinational organisation. The aggregator then contracts with either regional or country specific independent payroll providers – or a combination of the two. The aggregator clearly needs to offer a technology solution to facilitate this model. The minimum technology solution, as above, provides the functionality required to allow documentation to be exchanged between parties.

The benefits for an organisation looking for an outsourced global payroll solution include the simplification of contracting to remove the need to manage many country specific providers. Instead, the aggregator becomes responsible for sub-contracting their own partners to deliver payroll on the client’s behalf.

No investment in technology
Issues for both clients and providers within the aggregator model come in many forms. Firstly, in many cases aggregators are simply supporting the exchange of documents. Clients clearly need to provide information to the providers that are processing their payroll, so aggregators provide the technology to support this process. This is indeed the minimum that a client should expect. This rudimentary technology solution is not however sophisticated enough to deal with the fundamental issues that exist within the aggregator business model.

Inconsistent data formats
As clients and providers are often using different systems, the format of data that they exchange, through the aggregator is frequently different. Added to this, all of the country providers are using different systems so there is also the challenge of inconsistency of data across countries.

Essentially, the format of the data is not in a structure that the aggregator, and ultimately in country providers, need. This means that data is amended manually to meet the specific requirements of the aggregator and provider. Not only does this break compliance, it also introduces significant risk into the business model and, of course, cost – someone has to pay the price of manual intervention and error.

 
Inability to provide customisation
Due to the lack of technology being used to support the global payroll process, solutions to provide client specific requirements are also costly and time-consuming – if indeed possible at all.. For example, where a standard General Ledger output is needed by a client, which is certainly not uncommon, if the aggregator is not mastering global payroll data, they find is extremely difficult (and cost ineffective) to create a consistent, accurate and compliant output for a client.

Limited interface options
The ability to deal with outputs from an ERP system automatically is a standard requirement for many multinational organisations. The only option available is often manual extraction, transformation and loading – or even to build costly bespoke solutions.

Difficult and/or non-existent global reporting information
With many different formats of data being used by each country provider, the consolidation of this information into a single common structure for global reporting is extremely complex and therefore not usually provided, or it is misleading due to data errors. For example, if an element such as gross pay isn’t standardised across all data feeds from country providers, information will be fundamentally wrong when reported at a global level.

It is all very well providing elegantly presented reports but if the underlying information is wrong, the reports are worthless and even worse, potentially dangerous to a business’ decision-making.

Unable to provide a consistent experience for all employees
The lack of a centralised global HR and payroll solution also often limits an aggregator’s ability to provide global functionality to help multi-nationals provide a consistent user experience for its employees. For example, with individual providers producing payslips without a centralised production and distribution solution in place, employees in each country are likely to receive different formats of payslips, delivered in different ways.

Employee and manager self-service is also a critical component for multi-nationals looking to provide a consistent experience for all employees. Again, aggregators typically do not see self-service as a component that they need to invest in for their clients.

Price is driven by the individual country market
Aggregators are clearly reliant on in-country providers to deliver payroll services. However, In-country partners often, quite rightly, treat the business from aggregators as country specific – indeed it usually is for them. Therefore the price that they charge aggregators is no different to the price for the man-in-the-street. The in-country provider is also pricing the services they deliver based on the country market rate.

Aggregators obviously need to make a profit, but to deal with the complexity of data exchange, providing compliance and timely payroll delivery, aggregators need to add a significant margin to partner market rate prices. In-country providers have no incentives to provide a lower price to aggregators – they receive the data in a format that isn’t in-line with their requirements, they have to deal with all queries from the client, as well as having to educate the aggregators in their country payroll when the need arises.

You have to question the value that the aggregator is providing

Without any obvious added value from the aggregator, clients understandably question the benefit of the ‘single-contract and nothing else’ approach. Some aggregators levy a margin of 40% which is a huge cost for clients just to have someone else managing contracts for them!

Fundamentally, aggregators are not providing multi-nationals with any added value to enable then to reap the benefits of outsourcing their global payroll.

There is now an alternative

Acrede identified that the aggregator model was broken years ago and believed then in providing clients with an alternative model that addressed these issues.

The Acrede approach provides organisations with technology and services that enable them to effectively deal with the challenges of global workforce management and payroll delivery. Acrede’s true Cloud technology removes the challenges that global organisations face by centralising global workforce management, payroll processing and full payroll reporting.

Unlike other providers, Acrede offers its clients complete access to the Acrede product suite therefore centralising all payroll processing into one global database. Whilst Acrede will manage the payroll function, clients are able to manage their HR data using the Acrede Touch application. Where clients elect to send us data rather than using the application, this information is managed through Touch Point – in either automated or manual modes.

Acrede’s solution brings compliance, control and visibility to its clients’ single, regional and global payrolls. Seamless, end-to-end, automated workflows, incorporating best BPM practice and a fully controlled and compliant approval process ensure guaranteed compliance.

Acrede’s full range of services can be accessed via any hardware or mobile application, including tablets and smartphones, as well as being browser neutral. Wherever there is an Internet connection, our solution is just a click away. This means that clients can access their global workforce and payroll data at any time and from any global location. As this is a true Cloud solution, all information is available in real-time.

The benefits of Acrede’s solution are truly magnified when moving from single to multiple countries – where the global aggregation of data gives full insight and clarity across a client’s global workforce in real-time. Full payroll and tax-filing services can be delivered to over 170 countries, for any number of employees.

An important benefit of Acrede’s solution over others’ is scalability. Our systems architecture, which includes Cloud virtualisation, guarantees we can scale up or down to any required system capacity at a moment’s notice. This pay-as-you-go feature gives our clients optimal flexibility to follow acquisition or divestiture strategies with absolute confidence in their payroll provider’s support and stability.

Acrede’s Touch application also provides access to Employee and Manager Self Services, so that all transactional HR can be automated. Such functionality frees up valuable HR resource, and brings efficiency and cost savings to our clients’ businesses. Employees use Touch Point to access their electronic payslips, any other documentation that is specific to them, as well as any general company documentation that has been distributed. This ensures the same user experience for all.

Nick Bland
COO, Acrede
May 2013

Karen Paterson invented international payroll in 1996 and successfully grew a multi-million dollar business that traded worldwide. Many of the business processes and methodologies involved within global payroll came from her foundations. She has worked with many major BPO organizations, rolling out complex global payroll and HR projects.

As CEO of Acrede, Karen Paterson has created a best of breed global HR & payroll solution using the latest Cloud technology architecture, a product which is going to change the shape of Cloud mid-market software. Acrede has grown exponentially in so few years and the development of new offices provides the work space and support deserving of a thriving business.

Recently opening the UK office for Acrede, Karen and her team expand their global reach further by entering the APAC region. The Singapore office helps secure Acrede’s foothold in the Asian market and the integration of colleagues from the region really solidifies their dominance in the Payroll arena. As the team grows with a wealth of experience delivered by their developers based in Singapore, a secure and professional environment to work from allows them to do what they do best, succeed. Acrede now has offices in Jersey, UK and Singapore.

Acrede’s global footprint facilitates the supporting of its employees and clients and Singapore has a pool of skills that can be utilized to increase the support available for existing and new clients; Singapore is the Asia Pacific support hub.

Acrede is currently expanding rapidly in this high growth sector with many household names as clients, providing them with secure cloud HR & payroll technology that is feature rich, available on demand on a pay as you go basis.

Karen Paterson commented “At Acrede we see APJ and Southpac as a major growth area and are pleased to be investing in supporting this growth with our Singapore office. Acrede is the only true global HR and payroll solution that is available on the cloud, on demand, that covers multiple country payroll legislation.”

Published in Outsource Magazine Online, August 2011

There is a generation that run their lives on smartphones or iPads. Paper is never considered, people are online all the time; they share their work and personal time on applications such as Facebook, Twitter or LinkedIn. As mobile technology has become more sophisticated and easier to use, a far wider range of applications can be run. The ability to connect to back-office applications via mobile phones has surprisingly been around for years. I worked on projects with SMS gateways back in 2001. What has happened over the last few years is a dramatic increase in the usability of mobile devices, radically shaken up by Steve Jobs at Apple. The Apple experience has led to other companies such as RIM/Blackberry and Google with its open source Andromeda, following suit and vastly improving consumer choice and costs of devices.

So where does this take us in 2011 and the future? There is now a new way of doing business providing the smartphone works adequately. On a negative note though, there are some reoccurring issues experienced on smartphone apps, such as the time it takes to download an application, bad user interfaces, reliability of signal, and cross platform compatibility. Supporting and maintaining multiple platforms can also be an issue – unless you develop in HTML5. Size and management of screens is also an important consideration, so software vendors need to consider platform, language and compatibility.

Outsourcing on the road though is a real bonus. Employees should be able to view, approve, and instigate business processes. This means no matter what time it is, wherever you are (including which country), it is business on the move.

Common issues that occur within organisations include; the cost of smartphones, should the company pay for them, control over devices to stop misuse and the management time this takes, switching charges cross border, and cost of air time. Clearly this has to be balanced against the improvement to business process, visibility and control.

If you want your business to move to “working on the road” it is important you carry out a feasibility study and really understand how it will improve your working practice. Look at the cost, in particular the deal that can be done with the airway provider versus cost of handset to airway. It is always important to remember that cost has to be accounted for somewhere in business, and in particular with outsourcing. People, process, technology – that means who, how and via which platform. A cost-benefit analysis and ROI is critical.

There is a new generation that live their lives on mobile technology, using smartphones, touchpads and mobile phones. Smart businesses will embrace this and encourage their organisation to think forward and smart and move towards a paperless organisation, but one that still has the critical controls and audit trail in place. One thing is for sure: the world is moving to business on the road.

The Salisbury Journal decided to focus on Acrede for it’s business supplement writing as follows:-

“A LEADER in HR and payroll has opened a Salisbury division.
Karen Paterson invented international payroll in 1996 and successfully grew a multi-million dollar business that traded worldwide.
She is now CEO of Acrede, a global HR and payroll solution using the latest Cloud technology architecture, which is employing rapid success.
Karen has recently opened the company’s UK office at Old Sarum to supplement her offices in Jersey and Singapore.
“I’m exceptionally pleased to have an office in Salisbury again supporting the high growth of our business, it is a beautiful city with a pool of talent,” she said”

With more offices forecast for the future, expect to see more articles talking on the success of this ever growing business.

Published in Outsource Magazine Online, July 2011

During the last ten years we have seen an overwhelming trend to cut costs by outsourcing back office processes and software development to offshore locations, and the same applies to customer-facing front office processes and services, such as call centres and support desks. So is the customer really happy with this type of service? The customer can be an employee or manager, as well as a client or customer. I would say probably nine times out of ten they are not.

Customers have been forced down the route of phoning a call centre, being pushed down an endless “press one for support, two for sales,” etc. then being taken to a sub-menu which asks for a further set of decisions, only then to be put on hold with a voice recording telling you that “all of our operators are busy – we will answer your call as soon as we can”. By this time I am usually ready to slam the phone down, but eventually when your call is answered, it is by someone speaking broken English who runs through a script that often includes the same answers you have selected with your automatic choices. By this time I am really starting to get irritated.

Finally, when you have described your problem to the ninth degree, the operator very politely says, “I am sorry but I will have to transfer your call to our onshore call centre to deal with your query/order/complaint.” By this time I am incandescent, and mentally note to change my job/contract to another provider, and issue a written complaint (I most certainly would not go through the process of phoning through a complaint!). By the time you come off the phone you are frustrated and angry, and the provider stands a good chance of losing you as a client.

Would it not be simpler if you could pick up the phone to a call centre located in the same country as the service being provided, with someone who is a subject matter expert, with the required responsibility to make a decision to solve your problem? Rather than having to spend ages answering questions on what your call is about, you can be simply put in a queue where you are told which number in the queue you actually are, so you can make a decision as to whether to call back later.

When the labour market becomes tight, the cost differential disappears and this can be further aggravated by currency exchanges. As a developing country becomes a significant exporter of goods or services its currency will increase in value. This has been largely overlooked.

If you are an employee or a manager, how often do you consider that there has been no advantage to offshoring the back office and your situation is actually worse, not better? Thankfully there are some call centres that do have the service that is onshore and short phone menu selections, but they are in the minority, not the norm. Some large corporates are starting to bring their support services back onshore too.

Link: Original Source

Jersey – British Channel Islands:

Acrede announces a global alliance with Hewlett Packard to deliver worldwide trade payroll and HR technology and process services. While Hewlett Packard will continue to offer ERP based HR and payroll solutions, Hewlett Packard has chosen Acrede to complement their expanding HR BPO portfolio, as Acrede’s solution offers cloud enterprise business process management software. This includes standard workflows for all aspects of transactional HR and payroll, an employee portal, a multi-lingual global payroll engine with an exchange module, for the dynamic exchange of documents and content on line. All of this is accessed via a biometric dongle, creating a secure 256 bit encrypted tunnel to the Acrede cloud servers, which can be accessed from any computer, anywhere in the world. Another key component of the relationship will be Acrede’s ability to provide HR and payroll consulting and benchmarking services to Hewlett Packard’s HRO clientele.

Mike Zovko from Hewlett Packard commented, “This payroll and HR solution enables us to further enhance our services to clients globally. We are delighted to be working with Acrede and are impressed with the technology and services they offer.”

Acrede’s CEO, Karen Paterson added, “We are honored and very excited at the huge opportunity this brings to Acrede. We can deliver a truly global, cloud payroll solution, using the latest in software technology, and we are really looking forward to working with Hewlett Packard on many exciting projects worldwide.”

Acrede brings together Karen’s extensive experience with the latest advances in technology. By delivering a truly global HR & payroll solution, Acrede’s software can be implemented quickly and cost effectively via the Software as a Service (SaaS) on demand model. It fits in with the most stringent international data security and compliance standards, such as Sarbanes Oxley and Sas70 Type II, and security is further ensured via a biometric USB stick, which recognizes each individual user’s fingerprint. ENDS

For more information please contact James Filleul/Pauline Ramskill: 01534 735253/07797 733 344 james@directinput.je

About Acrede

Providing a global HR & payroll platform, Acrede delivers accuracy and efficiency using cloud technology. Acrede’s software can be implemented quickly and cost effectively via the Software as a Service (SaaS) model. This global solution can scale up and down, and is integrated with business process management, so can adapt and add value to the growing needs of global organizations.
For more information about Acrede visit www.acrede.net

About Hewlett Packard

Hewlett Packard was founded in 1939 by Stanford University classmates Bill Hewlett and Dave Packard. Today Hewlett Packard is a technology solutions provider to consumers, businesses and institutions globally and across industries. The company’s offerings span information technology (IT) infrastructure, personal computing and access devices, global services, and imaging and printing. The basic business purpose of Hewlett Packard is to invent, engineer and deliver technology solutions that drive business value, create social value and improve the lives of customers.
With annual revenue of $126 billion (USD), Hewlett Packard ranks 10th on the U.S. Fortune 500, ranks 26th on the Global Fortune 500, and is one of the world’s largest technology companies. Hewlett Packard provides sales and services in more than 170 countries and employs approximately 304,000 employees worldwide. Hewlett Packard corporate headquarters are located in Palo Alto, California.

Published in Outsource Magazine Online, June 2011

It is very important to understand and ensure your data is safe. There may be the tightest data protection and confidentiality clauses in the commercial outsourcing contract, but if the business processes are not in place to protect access to data, then breaches can happen. These processes are applicable internally as well as with the outsourcer. Business process to protect data is just as important as application security. There have been cases where the most robust application security has been bypassed by an individual accessing personal data, downloading it and then emailing it as an Excel attachment insecurely over the open internet. There have also been cases where outsourcing has taken place offshore and data has been sold to third parties by unscrupulous employees.

Here are some simple tips for compliance in both application software and business process.

Applications

Data access by user must be defined and only available to those that need it in the course of business. Employee data is normally restricted to the HR department, payroll department, and – in some cases – line managers, if there is developed responsibility of management. The application software must therefore have sufficient role-based permissions to enable this segregation.

An application should be able to generate passwords that are up to 12 characters in length and contain alpha, numeric and symbols. Passwords should always be encrypted in the database and not available for developers to view. And they should ideally be changed every three months

Unless an employee has given their specific written permission in Europe, data cannot be shared across borders. For example, an HR person in France should not be able to see an Italian employee’s data unless it is vital to conduct business, and the application software should therefore restrict this.
Ideally, if data can be exported, this should be restricted by specific roles in the user permissions, and there should be a facility to encrypt exported data quickly and simply if it does need to be emailed.

True data security needs non-repudiation; this means that the user accessing an application is recognised by the software. This can be in the form of a client-side certificate whose credentials are exchanged with the server-side application, or a token that is generated by an external device. Banks often use this approach. Applications that do not have client-side security and use open SSL are not safe.

Software should also be able to log every user action and transaction, so there is an audit trail.

Business Process

Each business transaction should be defined and ideally controlled by business process management software. Every process should be subject to audit on a regular basis. High-risk transactions should always be subject to dual sign-off.

If you outsource, do regularly make site visits, so you are sure that the processes which have been set up are being adhered to. Ensure that both commercial contracts and employment contracts create accountability and responsibility for data control.

Remember if you do not make it safe, it will not be safe, and data security is upheld at multiple levels.

Link: Original Source