Data Security & Compliance


Last updated: February 2026

At Scale Suite, protecting your data and maintaining the highest professional standards are fundamental to how we operate. This page outlines our security measures, professional compliance framework, and quality assurance practices.

For information on how we collect, use, and share personal information, please refer to our Privacy Policy at scalesuite.com.au/privacy-policy. For the legal terms governing our services, please refer to our Terms and Conditions at scalesuite.com.au/terms-conditions.

1. Professional Registrations and Standards

Scale Suite holds the following professional registrations:

- Registered BAS Agent (Registration No. 26298194) with the Tax Practitioners Board (TPB)
- Certificate of Public Practice with Chartered Accountants Australia and New Zealand (CAANZ)
- Certified Xero Advisor 

These registrations subject us to rigorous regulatory oversight, professional conduct requirements, and ongoing compliance obligations that go beyond standard business practices. 

2. Tax Practitioners Board (TPB) Compliance

As a registered BAS Agent, Scale Suite upholds the ethical and operational standards set out in the Code of Professional Conduct under the Tax Agent Services Act 2009. This framework governs how we maintain confidentiality, integrity, and competence across all services.

To maintain our registration, we fulfil the following obligations:

- Compliance with ongoing registration obligations, aligning our practices with TPB expectations for ethical service delivery
- Completion of at least 45 hours of Continuing Professional Education (CPE) every three years to remain current with tax and BAS developments
- Regular internal reviews to verify adherence to TPB standards on professional conduct, client care, and secure record management
- Compliance with TPB guidelines on client data handling, which require secure storage and appropriate use of information
- Subject to random audits by the TPB to verify ongoing compliance 

3. Chartered Accountants Australia and New Zealand (CAANZ) Compliance

As a Certificate of Public Practice holder, Scale Suite is committed to the comprehensive professional standards set by CAANZ, including:

- Compliance with Certificate of Public Practice requirements, requiring us to follow ethical and operational norms for public accounting
- Participation in the Quality and Practice Review Program, with periodic assessments to uphold service consistency and compliance
- Professional Indemnity Insurance of $2,000,000 per claim, providing protection against potential professional oversights
- Completion of a minimum of 120 hours of Continuing Professional Development (CPD) over three years (at least 20 annually) to build ongoing expertise in accounting and related fields
- Compliance with CAANZ's Member Obligations, fostering transparency, ethical behaviour, and accountability in client dealings
- Alignment with CAANZ's Code of Ethics, which directs professional conduct, client relationships, and data handling responsibilities
- Subject to random audits by CAANZ to verify adherence to professional standards 

4. Quality Assurance Program

We maintain high standards of data integrity through a quality assurance program specific to finance services (e.g., Financial Reporting), designed by Australian and New Zealand Chartered Accountants.

Key elements of our quality assurance approach:

- Two-person review minimum: All work is reviewed and touched by at least two team members before delivery to ensure accuracy and completeness
- BAS agent review: All BAS and payroll-related work is reviewed by a registered BAS agent before lodgement
- Standardised processes: Documented procedures for all recurring tasks, including bookkeeping, month-end close, payroll processing, BAS preparation, and board reporting
- Ongoing professional development: All team members maintain their professional qualifications through continuing education requirements 

5. Security Measures

We prioritise data protection through practical measures and reliance on established, secure services:

- Multi-Factor Authentication (MFA): Required for all system access, providing an extra layer of verification through methods such as passwords combined with mobile authentication
- Password Protection: All client files are password protected. Complex, unique passwords are enforced and updated regularly
- Secure Cloud Infrastructure: All work is performed within client cloud-based systems (e.g., Xero) or stored on our secure, access-controlled cloud drives. We do not store client financial data on local devices
- Device Security: All team devices are secured with access controls, locked when not in use, and equipped with up-to-date antivirus and endpoint protection software
- Access Control Policies: We implement role-based access to ensure only authorised personnel can view or handle specific information. A register of team members with access to client systems is maintained and available on request
- Data Backup and Recovery: Through our third-party service providers, we benefit from regular, secure backups to support continuity and data integrity
- Incident Response: We follow structured processes to identify and address any security concerns promptly. We aim to notify affected parties within 24 hours of any suspected data breach or security incident
- Periodic Security Reviews: We conduct periodic internal reviews of our security practices and access controls to ensure ongoing compliance with our professional obligations and industry best practice 

6. Confidentiality

All Scale Suite staff are bound by strict confidentiality clauses in their employment or contractor agreements, with breach subject to immediate termination. Our confidentiality obligations to clients survive termination of any engagement indefinitely.

We will not disclose client information to any third party except as required by law, as authorised by the client, or as necessary to deliver the agreed services. 

7. Payroll Data and Privacy

We acknowledge that payroll data contains sensitive personal information. Payroll data is handled in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth). Access to payroll data is restricted to team members directly involved in payroll processing and senior oversight. All payroll-related work is reviewed by a registered BAS agent. 

8. Client Data Ownership

All financial data, records, and information within client systems (including Xero, payroll platforms, and banking) remains client property at all times. Clients retain full administrator access to all their systems throughout the engagement.

All work product created specifically for a client (including financial models, reports, reconciliations, customised templates, and process documentation) is and remains client intellectual property.

For full details on data ownership and intellectual property, please refer to Sections 9 and 10 of our Terms and Conditions at scalesuite.com.au/terms-conditions.

Our Commitment

- Transparency: We openly share details on our data handling practices so you understand how your information is protected
- Proactive Protection: We address potential risks thoughtfully and consistently through secure tools, professional standards, and ongoing review
- Accountability: Our professional registrations, insurance, and regulatory oversight provide assurance that we stand behind our services
- Continuous Improvement: We regularly assess our approaches to enhance service quality, security, and alignment with best practices 

Contact Us

Scale Suite welcomes your feedback and questions about our data security and compliance practices.

Scale Suite Pty Ltd
ABN: 16 684 424 771
Email: hello@scalesuite.com.au
Website: www.scalesuite.com.au