As you will be aware, there is a lot of information available about this topic. One of the best white papers is Small Business Information Security: The Fundamentals from National Institute of Standards and Technology from the U.S. Department of Commerce. Go here. In Appendix E the whitepaper describes Sample Policy & Procedures Statements.
In addition, Publication 4557 from the IRS – Safeguarding Taxpayer Data – Go here - provides more valuable guidance about obligations concerning the protection of client files and personally identifiable information, reporting a data loss and compliance with the FTC Safeguards Rule.
Part of the obligation faced by a CPA firm is the implementation of a cyber security policy. To assist our members we have drafted a template (available here ) specifically for a for a CPA firm which we hope you will find useful.
This is a template and should be modified accordingly. It is intended for educations purposes and not for the purpose of providing specific legal, accounting, or other professional advice to any particular recipient or with respect to any particular jurisdiction.
Jorgensen & Company are not attorneys and do not offer any form of legal advice. Consult with appropriately qualified local counsel for more assistance. Rickard Jorgensen is President and Chief Underwriting Officer for the CPAGold™ program and may be contacted at (201) 345 2440 or firstname.lastname@example.org.
- Posted by jorgcpa
- Posted in Accountants' professional liability insurance, Cyber Liability, Cyber resources, Cyber risk management, data breach, Data protection, email risk management, IRS cyber rules, Phishing scams, Privacy, risk management, security, Security policy, social engineering, social media, Uncategorized
- Jan, 13, 2020
- No Comments.
- Police Warn of New ‘Line-Trapping Technology’ Being Used to Scam People Over the Phone
- Example Disengagement letters
- Security Policy for CPA firms – a template
- UP IN SMOKE IV – A Bill to end marijuana prohibition in the U.S. passes key committee
- Outsourcing – malpractice risk management perils concerning subcontractor’s indemnification provisions.