abl facebook

Create an Implementation Plan

October 08, 2022
Share
Share this story
Create an Implementation Plan

In a recent blog post, we outlined the three things your account firm should know to comply with the Federal Trade Commission (FTC) Safeguards Rule. The network security rule ensures financial institutions, like your accounting firm, are equipped to protect sensitive consumer information by methods like safeguards rule implementation plan. 

As part of the Rule, non-banking financial institutions must develop, implement, and maintain a written information security program outlining administrative, technical, and physical safeguards. 

Creating an implementation plan is one of the best ways your accounting firm can comply with the Safeguards Rule. This post guides you through the five steps you can take to create an implementation plan to comply with the revised network security rule. 

Develop an Accurate Systems Snapshot

One of the first steps in creating a Safeguards Rule implementation plan for your accounting firm is to develop an accurate list of all your systems and processes. This list will serve as a snapshot of your firm’s current network security measures and may be a way to pinpoint security gaps and improvements. 

To ensure you understand your firm’s current network security position, ensure your list captures the following:

  • All information systems, including all laptops and desktop computers, phone systems, databases used to store client information or sensitive business information, and accounting software.
  • Network systems, including router systems and firewall protection. 
  • Storage processes, including any off-site servers that you use to store sensitive client information or archive business materials. 

Outline Your Client Date Storage Process

While listing your storage processes is important, drilling down exactly how and where sensitive taxpayer information is stored across your business network is an important step in creating an implementation plan. Your accounting firm can do this by outlining the client data storage process from start to finish. Consider these questions to help you through this process:

  • If a potential client contacts your accounting firm for a quote, where do you store their personal information? 
  • If the client decides to work with you, where do personal information like addresses, social security numbers, and tax information get stored during tax season? 
  • Once you have filed your client’s taxes, where do you store all the tax preparation paperwork? 

Clearly defining how and where sensitive taxpayer information is stored and accessed across your business network can help you comply with the Safeguards Rule. 

Documenting Your Backup Recordkeeping Process

Going through the first two steps in creating your implementation plan should have illuminated any gaps in your network security and provided a clear picture of your client process. The next implementation step should be to outline your recordkeeping and backup process. 

If you work with a managed IT solutions company like ABL Computers, you likely have a secured off-site backup server to archive client information. A managed IT solutions team will ensure your records are backed up and archived consistently. However, if you don’t have an expert IT team on your side, you should document where private customer information is stored and the frequency of your backup process. 

Ensuring sensitive client and business information is appropriately backed up and archived makes complying with the FTC Safeguards Rule easier for your accounting firm. 

Securing Your Email

The next step in creating a Safeguards Rule compliance implementation plan is to confirm your accounting firm is using email encryption software. Email encryption ensures all communication entering or leaving your accounting firm is secured. Confirm every employee has email encryption software installed and updated on their computers and business phones, if necessary.

This may be a perfect time to refresh your accounting team on the importance of using email encryption software. Remember to include training on the importance of regular software updates to protect the sensitive taxpayer information of your clients. 

Security Management System

Your accounting firm’s security is only as good as the management system holding it together. If you don’t have the right system in place to remind you about critical software and hardware updates or you are not actively monitoring for security breaches, it’s time to establish a protocol. 

Make sure you have a security management system in place to defend against security breaches, and a protocol to follow if you or your team determines a security breach has occurred. Additionally, it’s important to outline guidelines your accounting firm can use if you determine sensitive client or business information has been hacked. Ensuring you know how to inform the appropriate federal, state, and local agencies about the breach is an important step in complying with the Safeguards Rule. 

Final Thoughts

Creating an implementation plan to comply with the Safeguards Rule requires a meticulous and strategic process. Ensuring your security processes are outlined is a great first step in spotting any security gaps or areas of improvement. ABL Computers knows how hard it can be to make sense of all the requirements. That’s why we offer expert and routine maintenance of all systems, hardware, and software your accounting firm relies on. We ensure you have an implementation plan that bridges gaps, increases security, and enhances internal data safeguards so you can easily comply with IRS, FTC, and other data security requirements. 

Contact us today to ensure your accounting firm has a strategy to secure sensitive client information and comply with FTC Safeguard Rules. 

Not Ready To Call Us Just Yet?

No problem, we still want to send you a copy of our recently published report, 21 Questions To Ask Before Hiring An IT Team.

Not ready to make the change right now? Are you sure that your financial service business is not vulnerable to expensive problems, such as, lost data, viruses, hacker attacks and other critical issues? Do you know their policies, procedures, and service standards? This report will provide you with important questions to ask your current IT professional.

Simply fill out the form here and we will send you a copy today!

21 Questions

DOWNLOAD YOUR FREE COPY NOW