The FTC Safeguards Rule requirement to select, contract with, and monitor vendors that handle your client data.
Service provider oversight under 16 CFR 314.4(f) requires financial institutions to take reasonable steps to select service providers capable of maintaining appropriate safeguards, require those safeguards by written contract, and periodically assess service providers based on the risk they present. For CPA firms, service providers include tax software vendors, cloud storage providers, IT/MSP partners, payroll processors, e-signature platforms, email hosts, and anyone else who can access client data.
Outsourcing the work does not outsource the accountability. If your tax software vendor is breached, the FTC still holds your firm responsible for whether you exercised reasonable oversight. That means written contracts with security clauses, periodic risk reviews of each vendor, and a documented vendor list. Most cyber insurance policies also require evidence of vendor due diligence as a condition of coverage.
The Vendor Assessment Module handles this for your firm, personalized to your software, team size, and state requirements.
A federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.
A documented set of policies and procedures describing how your firm protects sensitive client data.
A systematic process of identifying threats to your firm's data and evaluating the effectiveness of your security controls.
Buy the WISP yourself if you need the document.
Talk to us if you want the platform.