Protecting data with cryptographic controls while it moves between systems, typically using TLS 1.2 or higher.
Encryption in transit applies cryptographic protection (TLS 1.2 or higher) to data while it moves between systems: email, file transfers, API calls, browser sessions, and VPN traffic. The FTC Safeguards Rule requires it for transmissions of customer information under 16 CFR 314.4(c)(3). TLS prevents an attacker who intercepts the network traffic from reading the data. For CPA firms, this matters most for email containing taxpayer documents, client portal uploads, and remote desktop sessions.
Email by default is unencrypted in transit between mail servers, despite what the lock icon in your browser suggests. Sending tax returns or W-2s via standard email leaves them readable on intermediate hops. Encrypted email gateways, secure client portals, and TLS-required mail policies close this gap. The FTC has pointed to unencrypted email transmission as a Safeguards Rule violation in enforcement actions.
The 58-Control Register module handles this for your firm, personalized to your software, team size, and state requirements.
See plans and pricingProtecting stored data with cryptographic controls so that it cannot be read by anyone without the decryption key.
A federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.
A structured list of all security controls your firm should have in place, mapped to regulatory requirements, with testing status and evidence.
Buy the WISP yourself if you need the document.
Talk to us if you want the platform.
We use cookies to measure site performance and improve your experience. No data is sold to third parties. Privacy Policy