Third Party Services

PLATINUM CLOUD consulting

Our firm may, from time to time, confront internal control review of professional association (CPA) or use the services of third party contractors to perform some of the services we are engaged to perform for you.

The list of third party association or contractors currently used by our firm, to whom client information will or may be disclosed include:

·  National Tax and Accountants Association (NTAA),

·  CPA Australia,

·  KAV Partners Pty Ltd,

·  NowInfinity Pty Ltd,

·  ClearDocs,

·  Evolution Live,

We will notify you of any change to this list from time to time.

Each client in the Group hereby authorises us to disclose information relating to that client’s affairs to such third party contractors as we may choose to engage to perform such work.

Where we use the services of third party contractors, we are nevertheless responsible for the conduct and activities of those contractors and for the delivery of the services we are engaged to perform for you.

Acceptance of our services in conjunction with this engagement document indicates your acceptance of the use of outsourced services as described.  Where the outsourced service requires the disclosure of personal information to an overseas recipient a consequence of your consent is that they will be required to take reasonable steps to ensure that the Australian Privacy Principles are complied with by the overseas recipients of the Personal Information.

From time to time, our firm and our third party contractors may engage external IT service providers (including in relation to “cloud computing” services) in the performance of services under this engagement.

The list of external IT service provider(s) currently used by our firm or our third party contractors, to whom client information will or may be disclosed, is as follows:

·         Xero
·         Xero workflowmax
·         MYOB cloud versions
·         Adobe Sign
·         CAS 360
·         BGL 360
·         CCH iknow
·         Quickbooks cloud versions
·         Google mails
·         Streak
·         Evernote

·         Ezidebit

·         Gocardless
·         Drop Box Business

We will notify you of any change to this list from time to time.

Each client in the Group hereby authorises us and our third party contractors to disclose information relating to those clients' affairs to such external IT service providers as we or our third party contractors may choose to engage.

We may also need to disclose information relating to one client’s affairs to other clients in the Group to assist in performing our work, to persons responsible for the governance of an entity to comply with accounting standards, or to a professional body of which we are a member, in relation to a quality review program undertaken by that body.  Each client in the Group hereby authorises us to do so when we consider it appropriate to further our performance of work for the Group, or when required by that professional body.

Storage of Personal Information

We store your data in Drop Box Business as well as offline backup facilities. We are taking reasonable steps to ensure that the data information is secured according to the relevant requirements,

By signing this letter and accepting these services you acknowledge and agree that your personal information may be stored overseas.

Our commitment to being responsible data custodians

We are committed to being responsible data custodians, protecting your privacy and ensuring that your personal information does not get misused. We take our obligations to you seriously and understand how important it is that your personal information is kept secure and not disclosed to any unauthorised entities or used for any unauthorised purposes. We also understand and respect that, in the event of a notifiable data breach, you are entitled to be made aware of this breach so you can take appropriate actions to protect yourself.

The measures we can put in place to protect your personal information and data include (but are not limited to):

·       The ability to apply two step (2SA) authentication to access across all sensitive applications (not on an application by application basis)

·       Restriction of remote access to specific locations and/or block overseas access to our systems

·       Track and monitors attempted access to our systems and identify suspicious activity

·       Log usage in an audit trail and retrospectively determine the suspected source of a breach to report to authorities. With this tool we can see what applications were accessed, when they were accessed and from where.

·       Terminate user access to all sensitive cloud applications by disabling a single user account

·       Remotely wipe mobile devices in the event they’re breached, lost or the user associated with the device is terminated We can restrict access to reasonable times such as business hours

·       We are able to share access to applications using a single user ID without having to divulge cloud app passwords to staff

·       Our staff only need to remember one single password to all sensitive applications decreasing the risk associated with ‘password sprawl’

·       The ability to federate our identity systems so that access to desktops, servers and browser-based cloud applications are accessed via one single identity.

We have policies and documentation in place that

·       Educates and sets expectations on best practice password and access management to staff in the form of an IT and Internet usage policy.

·       Third party access agreements that govern and limit liability in the event a third party such as an IT contractor or outsourced provider should breach our data security policies

·       A privacy policy that makes clear how we manage client information

·       A data breach response plan that lays out the steps we take in the event of a breach and communicates our obligations under the Notifiable Breach Legislation

·       A specialist data security legal service contracted to support us in the event of a breach to ensure the appropriate remediation and notification steps are taken.

·       A retainer-based engagement with a specialist cyber-security firm that provides guidance and best practice systems to protect our clients’ privacy

·       This cloud best practice certification that validates our firm as a responsible data custodian

We also have access to external advisors with expertise to handle privacy and data protection matters.Type your paragraph here.