What would most concern you if the regulator paid you a visit tomorrow?
Our CEO David Davies and COO Claire Tucker had the pleasure of being in London with Signia Search and their community The Ops Club on the 27th November 2024 to facilitate their discussion on the topic, “What would most concern you if the regulator paid you a visit tomorrow?”
It was a thought-provoking discussion, which challenged the community to consider who is accountable in the eyes of the regulator for their data as SMF holders in advice firms.
We were then posed the question, "Considering most members of the community are SMEs (sub 150 FTE), what 3 actions would you advise all member firms to action in the immediate future?"
Our top 3 actions were:
1. Find out where your data is held
You need to understand which third parties hold your data. Ask them questions such as:
- What country is your data held in?
- What environments?
- What are their policies on cybersecurity testing and resilience?
Then make sure you can evidence their responses.
2. Recognise your accountability
Accountability for your data lies with you and your team, not with third parties like Microsoft or IO.
Data is your biggest asset, and you are responsible for it in the eyes of the regulator.
3. Have policies and procedures – and test them
Implement policies to protect your data and make sure it is correct, and ensure those policies are followed. But don’t stop there:
- Test your policies for Security, Disaster Recovery, or Business Continuity
- Be ready to evidence the results of your testing
Do you know where your data is? Have you got policies and procedures in place to protect it? If you need any support in this area then reach out to us for advice.