Security Statement

Protecting your tax, financial, and other sensitive information is our utmost concern. This is especially true when exchanging and managing documents online. Regardless of size, all accounting firms must comply with the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999.

The GLBA was enacted to protect consumers' private financial information and governs the collection and disclosure of clients' financial information by CPAs, accountants and tax preparers. It includes severe civil and criminal penalties for noncompliance.

Our Client Portal allows you to safely and conveniently exchange sensitive documents with us. Your data is protected in extremely secure environments. Multiple layers of security are applied to all servers and the most sensitive data is further protected by eight additional security layers. All these advanced security measures are compliant with Sarbanes-Oxley and Gramm-Leach-Bliley, as required by law.

The following chart is based on the Interagency Guidelines Establishing Standards for Safeguarding Customer Information.

Standards for Safeguarding Customer Information

Applicable Sections / Support
B.1 Ensure the security and confidentiality of customer information.
  • Secure Sockets Layer (SSL) and Advanced Encryption Standard (AES) encryption with 128- to 256-bit keys ensures the privacy of all remote connections.
  • Administrators control the feature set of individual users or groups to restrict such features as File Transfer.
  • Filenames and firm identifiers are encrypted using advanced obfuscation schemes, making targeted searches extremely difficult if not impossible.
  • The Document Vault and all files are backed up nightly; these backups are encrypted at the same 256-bit level as the Vault itself.
  • Servers are housed in a secure, guarded facility staffed 24/7, with closed-circuit motion-sensitive video surveillance.
B.2, B.3 Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
  • Firm and Client users must log in to the Portal using unique user IDs and matching passwords.
  • Technicians running the Firm and Client Portal must log in with proper administrator credentials.
  • Brute-force login protection prevents unauthorized users from attempting all possible passwords by temporarily locking out offending IP addresses after three failed logins.
  • SQL Injection protection blocks attacks aimed at the Vault’s database layer.
  • Servers are housed in a secure, guarded facility staffed 24/7, with closed-circuit motion-sensitive video surveillance.
  • Physical access to the servers is further restricted by Dual Factor Authentication Barriers.

Development and Implementation of Customer Information Security Program

Applicable Sections / Support
C.1.a Access controls on customer information systems, including controls to authenticate and permit access only to authorized individuals and controls to prevent employees from providing customer information to unauthorized individuals who may seek to obtain this information through fraudulent means.
  • Support reps and managers are first authenticated at the CPASiteSolutions website by providing their email addresses and passwords.
  • Administrators control the feature set of individual users or groups to restrict such features as File Transfer.
  • Representatives must be approved and set up by an administrator before they can access client computers.
  • Brute-force login protection prevents unauthorized users from attempting all possible passwords by temporarily locking out offending IP addresses after three failed logins.
C.1.c Encryption of electronic customer information.
  • SSL and AES encryption using 128- to 256-bit keys ensures the privacy of all remote connections. AES is a U.S. government standard algorithm and is Federal Information Processing Standard (FIPS) approved.
C.1.f Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems.
  • The Firm and Client Portal generates usage/connection logs that can be reviewed by the customer for auditing purposes. In addition, CPASiteSolutions operates an intrusion detection system on its website and networks.

Encryption

Secure Sockets Layer (SSL) and Advanced Encryption Standard (AES) encryption using 128- to 256-bit keys ensures the security and privacy of the files and information transmitted through and stored in the Document Vault and the Client and Firm Portal. 256-bit encryption is the highest key size available under the Advanced Encryption Standard.

To decipher a 256-bit SSL communication requires recovering the correct decoding key out of 2^256 possible values, rendering the encrypted data practically impervious to intrusion. Even by systematically trying every possible key, cracking 256-bit encryption is computationally infeasible.

Additional Security Measures

In addition to the security measures applied to the Client and Firm Portal, there are a number of measures applied across all servers in the CPA Site Solutions system.

These measures are also fully compliant with both Sarbanes-Oxley and Gramm-Leach-Bliley:

  1. CPA Site Solutions servers are located in high-quality SSAE 16/SAS 70 Type II Certified Datacenters.
  2. Servers are housed in a secure, guarded facility staffed 24/7, with closed-circuit motion-sensitive video surveillance.
  3. Physical access to the servers is further restricted by Dual Factor Authentication Barriers.
  4. CheckPoint Hardware and Software Firewalls
  5. FireSlayer Anti-Denial of Service protection
  6. TrippingPoint intrusion prevention