The combined responsibilities of the tax software vendor and the firm for protecting taxpayer data inside tax preparation software.
Tax software security covers both the vendor's controls (encryption, MFA, secure infrastructure, vulnerability management) and the firm's configuration (user provisioning, role permissions, access reviews, audit logging). The IRS holds the firm responsible for safeguarding taxpayer data regardless of which software is used. CPA firms should evaluate tax software vendors for SOC 2 reports, encryption standards, MFA support, breach notification commitments, and data export and portability.
Major tax software vendors have been breached. When they are, every firm that uses them faces a notifiable incident. The firm cannot delegate its security obligations to the vendor; the firm must verify, document, and re-verify each year. Vendor due diligence is part of the FTC Safeguards Rule service provider oversight requirement. Pick vendors that can produce a SOC 2 or equivalent on request.
The Vendor Assessment Module handles this for your firm, personalized to your software, team size, and state requirements.
The FTC Safeguards Rule requirement to select, contract with, and monitor vendors that handle your client data.
A documented set of policies and procedures describing how your firm protects sensitive client data.
A comprehensive record of all systems, applications, and locations where your firm stores, processes, or transmits client data.