Despite the numerous benefits offered by outsourcing lease administration and abstraction functions, businesses sometimes refrain from doing so, due to the fear of lack of data safety and security. If you are one of them, then this blog is a must-read for you. It touches upon six key data security related questions you should be asking your lease administration/abstraction service provider before signing up with them.
How is your data access structured? Ask your lease abstraction/administration service provider about their data access structure. Ideally, the access should be role-based, meaning the service provider should limit data access and editing permissions such that only those who need to work on the data should get access to it and also, the access level should be limited to their scope of work. All data access should be logged and monitored to detect any unusual activity that may be an indication of unauthorized access.
Where is all the work stored? Check with your service provider to ensure no work is performed or stored on their local machines or local external hardware. Data stored locally can be easily stolen. Ideally, your service provider should be using local machines to only access the Cloud or the main servers where all the work would actually be done and stored.
Is their IT outsourced? It is best if your service provider has an in-house IT team. While managed IT services is not necessarily a red flag, an in-house IT team is preferred as it means your vendor will be directly responsible for ensuring data security and safety standards are maintained. Check with your vendor if they have firewalls, antimalware systems, security patches and updates implemented.
How are the physical entry and exit points managed? Physical entry and exit points to the vendor’s office/workspaces where your leases are managed should be monitored and secured. Examples include CCTV cameras, biometrics, electronic access controls, etc.
How do they deal with hard copies? Check with your vendor if they will be using hard (paper) copies of your lease documents as a part of their SOP. If yes, then ask them to specify how and where they will be stored during the course of the project, who will be having access to them, how the access will be controlled and how these will be discarded after the project. Ideally, they should be shredded and disposed of under the supervision of the project manager or some other person in a position of authority.
Are they flexible? Your lease administration/abstraction service provider should be also flexible enough to accommodate your specific needs in terms of data security. For example, if you want multi-factor authentication for electronic data access or a strict ‘no-print’ policy followed during the project, your vendor should be willing to make it a part of their SOP for your project and implement it diligently.
Data security is a very real concern when outsourcing your lease administration and abstraction processes. An experienced vendor will most likely be following the best practices we discussed and be willing to improvise as well to suit your specific requirements.
Backed by 14+ years of lease experience, RE BackOffice’s lease administration team is well versed in all leading lease administration platforms including MRI, Yardi, Prolease, Lucernex, and more. To learn more about RE BackOffice’s lease administration services, contact us at support@rebackoffice.com.