QX SECURITY, QUALITY & TRUST

20 Years, Zero Data and Security Breaches

QX Accounting Services is a 100% GDPR-compliant outsourcing provider, with ISO 27001 and ISO 27701 certifications for information and data security. We are trusted by 350+ accounting firms for secure outsourcing support.

GDPR

Our Commitment To Security And Regulatory Compliance

Being one of the UK’s leading suppliers of accounting, finance and accounts, payroll and recruitment process outsourcing services, we are committed to implementing the GDPR. We are an ISO 27001 and ISO 27701 compliant organisation and these standards validate the measures we have taken to:

  • Enable compliance with GDPR requirements
  • Protect confidentiality, integrity and availability of our client data

Commitment to Security

QX Accounting Services has always honoured its clients’ right to data privacy and protection. We are the first outsourcing company in India to become GDPR compliant.


Why Is A GDPR Compliant Outsourcing Partner Important For You?

GDPR impacts data controllers and data processors alike, making it imperative for outsourcing companies (as data processors) to ensure that their data processing activities are carried out in accordance with the data protection principles set out in GDPR. Failing to get data protection right is likely to damage your reputation, your customer relationships and, ultimately, your finances.

As the 1st GDPR-compliant outsourcing company in India, we want our clients to be confident in knowing that we’ve taken all the necessary steps to not only keep their data secure but also to only collect and hold what is required.

We appointed a Data Protection Officer (DPO) and formed a cross-functional team of data protection specialists to analyse and address the new requirements of GDPR. Among other tasks, this team helps with transparency, Privacy by Design, and conducting Data Protection Impact Assessments (DPIAs).

While we already use state-of-the-art servers in the UK for storage of data, we implemented additional security controls to ensure we as data controllers meet the ‘accountability principles’ under the GDPR requirements.

We set up an official 72-hour breach response plan that adheres to GDPR and have an internal audit program for all processes to ensure QX is always in compliance with the rules set forth by the regulation.

All senior-level staff have now undergone training to ensure they maintain a DPIA at the early stages of any project that involves personal data. We have also conducted awareness training at our Board level to ensure our leadership teams are well aware of QX’s obligations under GDPR.

Data Protection Agreements

As required by the ISO 27701 framework, we now offer all our accounting clients Data Protection Agreements (DPAs) with GDPR clauses as standard. This enables QX Accounting Services and its clients to comply with GDPR requirements. All our revised written contracts are based on the ICO (Information Commissioner’s Office) guidelines, which include these terms:

  • We securely delete data after the required retention period / at the end of the contract
  • We submit to independent, third-party audits and inspections, and work with our clients to ensure we are both meeting Article 28 obligations
  • We have adequate levels of data protection controls in place for the transfer and processing of data
  • We only process personal data on documented instructions from our clients
  • We have a process that anonymises and encrypts data

Partner with us for a safe and secure outsourcing experience.


Quality and Data Protection

How Does QX Implement and Maintain the Strictest Quality and Data Protection Controls?

With a clear emphasis on measuring process effectiveness and performance, QX follows the globally accepted ISO 9001:2015 quality management system (QMS). In addition to giving us access to industry best practices, the adoption of a BSI-accredited, ISO framework helps us continually monitor and improve our procedures and processes.

To maintain rigorous quality control, we undertake regular training and audits. Our internal auditors verify the efficiency and effectiveness of our procedures and revise them wherever needed. Moreover, to ensure that business objectives continually feed into our processes, we have our quality management system validated by third-party auditors.

  1. Our clients feel confident in QX’s ability to deliver services that meet their needs and requirements.
  2. We are better equipped to analyse and understand the efficient use of available resources – materials, processes, workforce, technology and information.
  3. Through our compliance with a quality management system, we display our commitment to quality and excellence to our clients.

 

Following a successful audit by the British Standards Institution (BSI), QX earned the internationally recognised ISO 27001:2022 certification for its information security management system. The British Standards Institution’s ISO 27001:2022 is the current best-in-class standard for Information Security Management Systems.

QX follows security guidelines such as:

  • Data access is restricted to authorized users only
  • All methods of data transfers to external sources are controlled
  • Removable storage devices like pen drives, smartphones, etc. are blocked on workstations
  • Access to Internet sites (email, FTP, online storage etc.) is blocked through the use of an industry-class firewall device
  • All workstations are protected by an enterprise-level Antivirus solution, which is continuously updated.
  • All operations areas are protected by a magnetic door locking mechanism with access only to department members.
  • All main doors are manned by security officers, with 24×7 CCTV camera monitoring
  • Users are periodically made aware of IT policies and security measures

QX recognises the need for such certification and acknowledges that ISO 27001:2022 ensures appropriate controls to securely protect information and intellectual property. As an ISO 27001:2022 compliant organisation, we treat information as the most valuable asset and continually assess our systems to ensure the highest level of information security.

QX has now started to establish and grow its business across different countries, and considering the diversity of stringent privacy law requirements, it was imperative for us to implement controls and measures that are in alignment with these requirements. That’s where QX implemented the ISO 27701 standard for global privacy management followed by a successful audit by the BSI.

ISO 27701 is the best practice structure for a privacy information management system that is aligned with the core principles of data protection. It is a privacy extension to the international Information Security Management Standard, ISO 27001. It specifies the requirements for – and provides guidance for establishing, implementing, maintaining and continually improving – a PIMS (Privacy Information Management System). It is based on the requirements, control objectives and controls of ISO 27001, and includes a set of privacy-specific requirements, controls and control objectives.

QX is now Cyber Essentials certified, which demonstrates that the company has vigorous IT defences that are designed to contest cyber-attacks. The scheme has been designed by the UK Government to help organisations mitigate internet-based risks.

The five basic controls within Cyber Essentials were chosen because, when properly implemented, they will help to protect against unskilled internet-based attackers using commodity capabilities, which are freely available on the internet. The scheme addresses five key controls (below) that, when implemented correctly, can prevent 80% of cyber-attacks.

  1. Boundary firewall and gateways
  2. Secure configuration
  3. Malware protection
  4. Patch management
  5. Access Control

Let’s Work Together

Explore outsourcing solutions, request a free trial or discuss your practice’s needs with our expert consultants.
