Sageworks Security Best Practices
Password Policy
The account password should be a minimum length of 8 alphanumeric characters, using a mix of both upper and lower case letters and symbols. Also, a challenge question and answer within the user account administration panel needs to be established. This challenge question will prevent unauthorized personnel from making changes to the user account password, which is shared by all users within the firm. After an employee is terminated, their account password should be changed and the Sageworks desktop icon needs to be redistributed to the employees. This precaution will prevent terminated employees from gaining unauthorized access to the Sageworks account and client data.
Desktop Icon Installation Link: www.profitcents.com/icon
Client ID Code Policy
An ID code should be established for each client within Sageworks rather than using the actual client name. This ID will ensure the maximum level of client confidentiality and privacy of client data. The firm will use the ID code established within the firm’s time billing system to maintain a consistent naming policy across firm clients.
Work Paper Lockdown Policy
All reports that are to be included as part of the audit working papers should be exported to Word, Excel, or PDF once the report has been finalized. These documents should be set to read-only access on the network share drive or imported into the work paper document management system and locked down according to the firms existing lockdown policy.