I do not disclose non-public personal information to anyone, except as instructed to do so by clients in the normal course of our work or as required by law. I restrict access to stored non-public personal information to those professionals necessary to complete the work agreed upon and we maintain physical, electronic, and procedural safeguards to guard your non-public personal information.
General communication security standards – You set the general communication security standards based on the choices you make as explained in the first paragraph on “Communications” in our engagement agreement.
Custody of funds – I do not take physical possession of client funds nor do I have custody of client financial accounts while acting in the role of accountant or adviser. That means that I do not have the sole authority to sign checks or make withdrawals. In some cases, I can authorize electronic payments under pre-negotiated written accounting services arrangements. If I act in joint roles, for example as Treasurer, Board member or Officer in addition to my role as an accountant/adviser, then the specific additional authority of that role would be disclosed in a separate written agreement.
Paper documents – We prefer to not take physical possession of original documents or physical documents that contain personal information. A PDF file or clear cell phone photo is almost always a better option. If I do take possession of a paper document, I will issue a receipt and arrangements for its handling and return are made in writing on an individual case-by-case basis. Private client data, passwords and account access details for client files are not stored on any of my local physical devices so that loss of a cell phone or computer, for example, does not pose a security threat.
Transfer of Private Data through secure portal– Online document transfer and storage is handled by a US-domiciled Internet security service called SecureFilePro. Clients’ files are protected by tough industry-standard security measures based on a secure 256-bit SSL encryption during transmission and files are encrypted at rest on the private US-based server. At all times, clients can view and access only their own documents. We also endorse the use of secure messaging an encrypted email as needed.
Other electronic data handled by Adobe, Apple, CFS, Drake, Google and Microsoft – PDF document scanning and security is provided by Adobe Document Cloud. Security for most of my work and client information is provided by Microsoft’s cloud-based storage platform incorporated into Microsoft Office 365. In other words, I am as secure (no more and no less) as any of the many similar professional businesses that operate on a Microsoft Office 365 platform. Microsoft publishes much more information about security on its web site. Email is handled through Microsoft or Google services. Tax processing data used by CFS Software and Drake Software is held on a single secure PC device. Except for CFS and Drake tax software, no private data is contained on any of our devices.
Internet security – I use a reputable VPN for internet connections on all devices.
Passwords and account access details – I use an industry-leading third-party password security company for separate offsite management of passwords and online account log in details. Unique randomly generated passwords with 8 or more characters are used for each web site and client account. These passwords are not stored on any of my devices. The master account password is not recorded anywhere.
Please call if you have any questions, because your privacy and security, our professional ethics, and the ability to provide you with quality financial services are very important to us.
A link to my privacy and security agreement is included in our engagement agreement. I am available to discuss any questions or concerns.