A system for labeling data by sensitivity (e.g., public, internal, confidential, restricted) so that appropriate controls can be applied.
Data classification is the practice of categorizing data by sensitivity so that appropriate controls (encryption, access restrictions, retention rules) can be applied automatically. For CPA firms, a common four-tier model is public, internal, confidential, and restricted. Taxpayer information, Social Security numbers, and bank account data classify as restricted. Marketing materials and published firm information classify as public. Classification is normally captured during the data inventory exercise.
Without classification, every file gets the same treatment, which usually means the lowest common denominator. Classification lets you apply stronger controls to the most sensitive data (encrypted client portal for restricted, regular email for public) without slowing the firm down on routine documents. The FTC expects firms to know what data they hold and to protect it according to risk.
The Data Inventory & Classification module handles this for your firm, personalized to your software, team size, and state requirements.
See plans and pricingA comprehensive record of all systems, applications, and locations where your firm stores, processes, or transmits client data.
Any record about a consumer that is held by a financial institution, including tax returns, Social Security numbers, and financial account data.
A structured list of all security controls your firm should have in place, mapped to regulatory requirements, with testing status and evidence.
Buy the WISP yourself if you need the document.
Talk to us if you want the platform.
We use cookies to measure site performance and improve your experience. No data is sold to third parties. Privacy Policy