Protecting your tax, financial and other sensitive information is our utmost concern. This is especially true when exchanging and managing documents online. Regardless of size, all accounting firms must comply with the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999.
The GLBA was enacted to protect consumers' private financial information and governs the collection and disclosure of clients' financial information by CPAs, accountants and tax preparers. It includes severe civil and criminal penalties for noncompliance.
Our Client Portal allows you to safely and conveniently exchange sensitive documents with us. Your data is protected in extremely secure environments. Multiple layers of security are applied to all servers and the most sensitive data is further protected by eight additional security layers. All these advanced security measures are compliant with Sarbanes-Oxley and Gramm-Leach-Bliley, as required by law.
The following chart is based on the Interagency Guidelines Establishing Standards for Safeguarding Customer Information.
Standards for Safeguarding Customer Information
| B.1 | Ensure the security and confidentiality of customer information. |
| B.2, B.3 | Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. |
Development and Implementation of Customer Information Security Program
| C.1.a | Access controls on customer information systems, including controls to authenticate and permit access only to authorized individuals and controls to prevent employees from providing customer information to unauthorized individuals who may seek to obtain this information through fraudulent means. |
| C.1.c | Encryption of electronic customer information. |
| C.1.f | Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems. |
Secure Sockets Layer (SSL) Advanced Encryption Standard (AES) encryption using 128- to 256-bit keys ensures the security and privacy of the files and information transmitted through and stored in the Document Vault, Client and Firm Portal. 256-bit encryption is the highest available using the Advanced Encryption Standard.
Deciphering a 256-bit SSL communication requires finding the proper decoding key among the 2^256 possible values, rendering the encrypted data practically impervious to intrusion. Even by systematically trying every possible key combination, cracking 256-bit encryption is computationally infeasible.
Additional Security Measures
In addition to the security measures applied to the Client and Firm Portal, there are a number of measures applied across all servers in the CPA Site Solutions system.
These measures are also fully compliant with both Sarbanes-Oxley and Gramm-Leach-Bliley:
- CPA Site Solutions servers are located in high-quality SSAE 16/SAS 70 Type II Certified Datacenters.
- Servers are housed in a secure facility that is guarded around the clock, with closed-circuit, motion-sensitive video surveillance.
- Physical access to the servers is further restricted by Dual Factor Authentication Barriers.
- CheckPoint Hardware and Software Firewalls
- FireSlayer Anti-Denial of Service protection
- TippingPoint intrusion prevention