
Your Tax Security Is Important To Us

Protecting your tax, financial, and other sensitive information is our utmost concern. This is especially true when exchanging and managing documents online. Regardless of size, all accounting firms must comply with the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999.

The GLBA was enacted to protect consumers’ private financial information and governs the collection and disclosure of clients’ financial information by CPAs, enrolled agents, accountants, and tax preparers. It includes severe civil and criminal penalties for noncompliance.

The Tax Samaritan Client Portal allows you to safely and conveniently exchange sensitive documents with us. Your data is protected in extremely secure environments. All these advanced security measures are compliant with Sarbanes-Oxley and Gramm-Leach-Bliley, as required by law.

The following chart is based on the Interagency Guidelines Establishing Standards for Safeguarding Customer Information.

Standards for Safeguarding Customer Information | Applicable Sections | Support
B.1 | Ensure the security and confidentiality of customer information.
  • Secure Sockets Layer (SSL) and Advanced Encryption Standard (AES) encryption from 128 to 256-bit keys (depending on the browser) ensure the privacy of all remote connections.
  • Administrators control the feature set of individual users or groups to restrict such features as File Transfer.
  • Filenames and firm identifiers are encrypted using advanced obfuscation schemes making targeted searches extremely difficult if not impossible.
  • The Document Vault and all files are backed up nightly, and these backups are encrypted at the same 256-bit level as the Vault itself.
  • Servers housed in a secure, 24/7, around-the-clock, guarded facility with closed-circuit motion sensitive video surveillance.
B.2, B.3 | Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
  • Firm and Client users must log in to the Portal using unique user IDs and matching passwords.
  • Technicians running the Client Portal must log in with proper administrator credentials.
  • Brute Force Log in Protection prevents unauthorized users from attempting all possible passwords by temporarily locking out offending IP addresses after three failed logins.
  • SQL Injection protection blocks attacks aimed at the Vault’s database layer.
  • Servers are housed in a secure, 24/7, around-the-clock, guarded facility with closed-circuit motion sensitive video surveillance.
  • Physical access to the servers is further restricted by Dual Factor Authentication Barriers.

Development and Implementation of Customer Information Security Program

Standards for Safeguarding Customer Information | Applicable Sections | Support
C.1.a | Access controls on customer information systems, including controls to authenticate and permit access only to authorized individuals and controls to prevent employees from providing customer information to unauthorized individuals who may seek to obtain this information through fraudulent means.
  • Support reps and managers are first authenticated at the Tax Samaritan website by providing their email addresses and passwords.
  • Administrators control the feature set of individual users or groups to restrict such features as File Transfer.
  • Representatives must be approved and set up by an administrator before they can access client computers.
  • Brute Force Log in Protection prevents unauthorized users from attempting all possible passwords by temporarily locking out offending IP addresses after three failed logins.
C.1.c | Encryption of electronic customer information
  • SSL and AES encryption using 128 to 256-bit keys (depending on the browser) ensures the privacy of all remote connections. AES is a U.S. government standard algorithm and is Federal Information Processing Standard (FIPS) approved.
C.1.f | Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems.
  • Tax Samaritan generates usage/connection logs that can be reviewed for auditing purposes. In addition, Tax Samaritan operates an intrusion detection system on its website and networks.

Encryption

Secure Sockets Layer (SSL) and Advanced Encryption Standard (AES) encryption using 128 to 256-bit keys ensures the security and privacy of the files and information transmitted through and stored in the Document Vault and Firm Portal. 256-bit encryption is the highest available using the Advanced Encryption Standard.

To decipher a 256-bit SSL communication requires generating the proper decoding key out of the 2^256 possible values, rendering the encrypted data practically impervious to intrusion. Even by systematically trying every possible key combination, cracking 256-bit encryption is computationally infeasible.

Additional Security Measures

In addition to the security measures applied to the Client Portal, there are a number of measures applied across all servers in the Tax Samaritan system.

These measures are also fully compliant with both Sarbanes-Oxley and Gramm-Leach-Bliley:

  1. Servers housed in a secure, 24/7, around-the-clock, guarded facility with closed-circuit motion sensitive video surveillance.
  2. Physical access to the servers is further restricted by Dual Factor Authentication Barriers.
  3. CheckPoint Hardware and Software Firewalls
  4. FireSlayer Anti-Denial of Service protection
  5. TippingPoint intrusion prevention