Built for a profession where you carry the liability.
The controls below are live today. Independent certification is the next step, and it’s underway.
AU data residency (Sydney)
Encrypted in transit and at rest
TFNs auto-detected and redacted before storage
Role-based, least-privilege access with a full audit trail
Human-in-the-loop: nothing is lodged, posted or sent without your sign-off
Free data export, any time — including on the way out
If you ever leave
Your data leaves with you. Export every document, extraction and workpaper in standard formats, free and self-serve, at any time — including on cancellation. After you go, we delete or de-identify what remains within a short, stated window. We don’t lock the filing cabinet: your records are always yours to take, in or out.
Our certification programme
Quarterhand is engineered against recognised security frameworks from the outset, and we are formalising that through independent audit.
SOC 2 (System and Organisation Controls 2). A voluntary auditing standard for cloud service providers, assessing how customer data is secured, kept available, and handled confidentially. Our SOC 2 Type II programme is in progress: controls are implemented and operating, with the independent audit period to follow. For a bookkeeping practice, this provides third-party assurance — not just our word — that your clients’ data is protected.
ISO 27001. The globally recognised standard for information security management systems. Where SOC 2 examines controls at a point in time and over a period, ISO 27001 certifies the ongoing management system behind them — how risks are identified, treated, and reviewed continuously. Our information security management system is being built to ISO 27001 requirements, with certification to follow audit readiness.
We publish progress honestly: until an audit is complete, we describe these as programmes underway — never as held certifications. What is true today regardless: Australian data residency, encryption in transit and at rest, TFN auto-redaction before storage, full audit trails, and free export of your data at any time.
A plain-English summary for your engagement letters is available: your confidentiality obligations under Code Item 6 are ours to support.