Times are changing. If you are experiencing more and more client questions or requirements pertaining to compliance certifications and audits, you know what I'm talking about.
"Inherit" may seem like one of those terms-of-art used by insiders, but information technology professionals use it here to indicate a benefit from association. Once you understand the process, "inherit" sounds good.
- A web computing platform, or data center, submits itself to formal audits and certification processes receiving third-party compliance and security certifications.
- The SaaS company providing a debt collection software platform provides their software service hosted on those web servers. The certifications for security and compliance (e.g. FISMA, Tier III, HIPAA, SOC-III) then apply to the software company, effectively being "inherited" by the association. Then the software company goes through its own certifications (for example, InterProse goes through SSAE18 audits, SOC-I Type-II, PCI DSS, Penetration Testing)
- A customer, like yourself, subscribes to said SaaS platform, and immediately "inherits" the SaaS company's compliance and security certifications as well as what the web computing or data center company passes along to the SaaS company.
You may find yourself in one of four categories:
- Your software is web-based, probably hosted by a data center, but cannot provide the level of security or compliance required by your customers. If you are getting data backups with your service, it may not meet compliance rules.
- Your software provider set you up on a remote server but you are still responsible for its security and compliance, and it's costing you a fortune every year. Data backups are on you, and boy are they expensive and time consuming.
- You own your server, having to both keep up with changing security requirements and the costs associated with it is draining you of precious time and treasure. Again, data backups are expensive because they have to be exact copies, kept up to date, and in a different geographic location.
- You run your business on web-based software hosted on a web computing platform like Amazon Web Services, and you inherit every security and compliance standard available just by contracting with your SaaS provider. Your data is also being backed up off-site, meeting all data backup standards.
Bonus Category: You're not keeping up with the certifications or data backups because they are expensive, confusing and onerous, rolling the dice on security and compliance, and waking up in a cold sweat every week.
If you don't know where you fit, I recommend doing research immediately. Staying compliant and secure eliminates liabilities that could not only be disruptive to your business, but potentially close it down or cost piles of money to rectify.
How much money and time can a web-based platform with inherited compliance and security save you? A lot! Grab a sheet of paper and do a quick estimate of your expenditures in this area:
- Licensing fees for databases
- Upgrade fees for software (a SaaS platform should not have upgrade costs)
- Security certification costs
- Server maintenance costs
- Data backups
- SSAE audit costs
- Hours spent by staff on these items (multiply by hourly costs)
- Total it up. Circle it. Now, ceremoniously scribble it out and rip your paper in half. Those expenses can go away with a modern, web-based platform hosted through a reputable web computing platform!
There are not many truly web-based debt collection software platforms available. Fewer still can pass down the highest levels of security and compliance certifications through "inheritance" because they simply do not have them. If you are looking for new software, protect your business by asking detailed questions about security and compliance!