Security & Compliance
We don’t bring your data into our systems. We log into your UK Microsoft 365, Google Workspace or private cloud tenant, under your controls, and operate as part of your governance framework.
Aligned with UK GDPR, UK practice regulation and ISO 27001 control families.
Our security model is built around the same questions your own risk and compliance teams ask: Where does data live? Who can access it, from where, and under what conditions? How is that access monitored and evidenced?
We answer these with a combination of Microsoft 365 controls (MFA, Conditional Access, device compliance, PIM), documented UK GDPR transfer mechanisms, and a full audit trail available for your internal audit or file reviewers.
We operate entirely within your UK tenant. No data extraction, no shadow IT.
Your existing Xero, Silverfin, and CCH environment. Data remains under your sovereignty.
Strict identity management. MFA enforced, device compliant, and location locked.
Remote desktop access only. No local storage, clean desk policy, 100% logged sessions.
Audit Trail: 100% Logged
Device Control: MDM Locked
Network: VPN Tunnel
Before the first task is started, we deploy a documented control set across identity, devices, monitoring, legal and data residency.
Remote access from Morocco to UK or EU data is treated as a restricted transfer. For UK firms, our standard DPA incorporates the ICO International Data Transfer Agreement (IDTA) and is supported by a documented Transfer Risk Assessment.
Your tenant: All client data stays in your own stack, typically hosted in UK/EEA datacentres. We do not export ledgers or working papers.
Our tenant: Haskins’ internal tenant (email, HR) is provisioned in EU/EEA datacentres under Microsoft’s EU Data Boundary commitments.