I need to update my engagement letters to address the APES 305 cloud provider requirements. What do I insert for BGL?
APES 305 Terms of Engagement mandates that firms in public practice document and communicate the terms of engagement with their clients. Guidance is provided in respect of the general contents of an engagement document.
Section 3.7 of APES 305, mentions the following
"Where a Member in Public Practice will utilise Cloud Computing in the provision of Professional Services to a Client which is not an Outsourced Service, the Member in Public Practice should document and communicate to the Client the details of the Cloud Computing provider, the geographical location of where the Cloud Computing will be provided and how the Client’s confidential information will be stored."
BGL recommends inserting a paragraph into your engagement letter similar to the following:
In providing our SMSF services to you, we utilise Simple Fund 360 using Cloud Computing provided by BGL Corporate Solutions Pty Ltd (BGL). All of BGL's data is hosted in Australia only by Amazon Web Services (AWS). Both BGL and AWS have ISO 27001 Certification, an internationally recognised information security management standard that specifies leading practices and comprehensive security controls. BGL and AWS are subject to Australian privacy law.