You may also consider appropriate building retrofits to reduce damage from such events, such as earthquake braces, non-return valves on drains (for flood-prone areas), and getting the right insurance. Additionally, you may create a disaster action plan that includes steps such as turning off gas/electric supplies, moving portable equipment and data to a higher level (in case of floods), and maintaining emergency contacts for staff members. An offsite data backup goes a long way in protecting your digital data in case of such events. The IRS checklist also covers protection against natural disasters such as floods and tornadoes as applicable to your location. If you have already implemented the physical safeguards we discussed in Physical Safeguards to Protect Client Data, this portion of the checklist is easy to satisfy. This covers your physical safeguards to prevent unauthorized access, including door locks and secure disposal. The cyber-risk policy is often expensive because identity theft risk is very high and as an accountant you possess significant high-risk customer information.

As far as your clients are concerned, and by law, securing your client's data is your responsibility. If you will obtain a cyber-risk insurance policy to protect yourself against breaches or leaks of customers' personal information, the underwriter may require certain privacy obligations to be contractually agreed upon by your vendors. If you will be getting your own security setup audited or certified for compliance with security standards, you will very likely need to obtain written security and privacy policies from each of your vendors and also contractually obligate them to follow those policies. If you use written contracts (which you should), you may add security as a requirement in the contract itself.
If they do not already have the right safeguards in place, you may have to work with them to start enforcing the same security standards that you use, or search for alternative providers. If you use vendors such as book-keepers or others who will have access to sensitive information, you need to verify that the vendors have appropriate safeguards in place.

For certain vendors, such as an online tax software provider, your secure document portal, or encrypted backup provider, such a verification may be easy to obtain from their website.

For others, especially local service providers, you may have to explicitly ask the owner or your account representative.

They should also share their written security policy with you. Lastly, it reminds you to ensure that your service providers also have information safeguards in place, and that they commit to handling your clients' data securely in their contract with you. These activities cover services offered by credit counselors, financial planners, tax preparers, accountants, and investment advisors." The FTC document also explains what the privacy notice should contain, how it may be delivered, and when. The FTC document includes accountants and tax preparers specifically as activities for which this rule applies, stating that financial activities include "providing financial, investment or economic advisory services. The IRS checklist also covers checking on the FTC Privacy rule to determine if you are required to give privacy notices to your clients. You may adapt it to suit your firm's needs. The free template includes a sample list of safeguards to implement. It also covers testing your security plan and addressing deficiencies. This checklist covers conducting a security risk assessment, defining the required safeguards, and designating an individual to implement them. Let's discuss the IRS checklists one by one: Create a reminder or an appointment in your calendar to re-visit your security assessment in 3-4 months.
Periodically re-evaluate and update your security safeguards as your business, technology, or other external factors change. Risk must also be managed when you share client information with your vendors or service providers. The previous articles in this series, available at Data Security for Tax Preparers: An Overview help you implement several essential safeguards for this purpose. The safeguards should protect against all reasonable security risks.

Use this free data security template to document this and other required details.

Conduct a risk assessment and implement relevant safeguards. Designate yourself, and/or team members as the person(s) responsible for security and document that fact. Recognize that your business needs to secure your client's information.

These checklists, fundamentally, cover three things: 4557 provides 7 checklists for your business to protect tax-payer data.