
For CPAs & Financial Professionals

Safeguard Obligations for CPAs & Financial Professionals

Cybersecurity Requirements & Solutions for Accounting Firms & CPAs.

CPAs are entrusted with sensitive financial information about their clients, which makes cybersecurity a critical part of their professional responsibilities. In the United States, CPAs must comply with a number of regulations and standards that govern the security and confidentiality of that data. The most important of these is the Gramm-Leach-Bliley Act (GLBA), under which the FTC's Safeguards Rule requires financial institutions, a term the FTC defines broadly enough to include professional tax preparers, to protect the privacy and security of their customers' nonpublic personal information.

CPAs who audit or report on public companies are also subject to the Sarbanes-Oxley Act (SOX), which imposes strict requirements on financial reporting and internal controls. SOX does not prescribe specific cybersecurity controls, but it affects CPAs indirectly: the integrity of financial reporting depends on the systems that produce and store the underlying data being secure.

The American Institute of Certified Public Accountants (AICPA) also maintains the SOC 2 (System and Organization Controls 2) framework, which evaluates a service organization's controls over the security, availability, processing integrity, confidentiality, and privacy of the data it handles. SOC 2 examinations are performed by CPA firms, and a CPA firm that itself hosts or processes client data may undergo one to demonstrate its own controls to clients.

In addition to these regulations and standards, CPAs are encouraged to stay informed about emerging cybersecurity threats and best practices through resources provided by organizations such as the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA).

Overall, CPAs are required to implement robust cybersecurity measures, such as encryption, access controls, regular security assessments, and employee training, to safeguard their data and their clients’ data from cyber threats. By staying informed about regulatory requirements and industry best practices, CPAs can effectively mitigate cybersecurity risks and protect the confidentiality and integrity of financial information.


CPAs and Financial Professionals are obligated to comply with the Code of Professional Conduct

Due care is an essential element of the Code of Professional Conduct, and it includes protecting all client information in order to maintain confidentiality.

Tax preparers are held to an even higher standard of due care.

Per the IRS guide on Safeguarding Taxpayer Data (IRS Publication 4557):

Data thefts at tax professionals' offices are on the rise

Tax practitioners are firmly in the sights of data thieves

Data security is now a necessity for every tax professional, whether a partner in a large firm, a sole practitioner, or an Authorized IRS e-File Provider

Protecting taxpayer data is now the law. The Gramm-Leach-Bliley Act empowers the FTC to issue the Safeguards Rule for financial institutions, a category that specifically includes professional tax preparers

The Safeguards Rule requires firms to:

Create and enact a written information security plan describing the program that protects customer data. The written plan must cover these steps:

Designate a coordinator of the information security program

Identify and assess the risks to customer data

Design and implement a safeguards program and regularly monitor and test effectiveness

Select service providers that can maintain appropriate safeguards

Evaluate and adjust plan as necessary

Use the Safeguards Rule checklists regarding: Employee Management and Training, Information Systems, and Detecting and Managing System Failures

Note that the FTC amended the Safeguards Rule in 2021, with most of the new provisions taking effect in June 2023. The amended rule is more prescriptive than the five steps above: it requires a designated qualified individual, a written risk assessment, access controls, encryption of customer information in transit and at rest, multi-factor authentication for anyone accessing customer information, and a written incident response plan. A plan built only on the older checklist should be reviewed against the current rule.

In addition to the Safeguards Rule, Online (e-File) Providers must meet the following six security and privacy standards per IRS Publication 1345:

Extended Validation SSL Certificate

External Vulnerability Scan

Information Privacy and Safeguard Policies

Website Challenge-Response Test

Public Domain Name Registration

Reporting of Security Incidents

There are legal, moral, ethical, and business-reputational demands to secure clients' confidential private information. On top of that, certified public accountants assume an obligation of self-discipline above and beyond the requirements of laws and regulations.

Your subscription to CYBER 631 is an essential step toward meeting this professional standard and ensuring that you have done all you can to meet the highest standard of due care in protecting your clients' information and your firm's professional reputation.


Subscribe to CYBER 631


Request More Info

Find out more about what Cyber631 can do to protect your business.
