Why As a CPA, EA, or Accounting Firm Owner You Should Be Concerned about this:
More often than not, CPA firms are endowed with numerous essential data of their clients that are of utmost importance.
Not only are these pieces of information linked with the financial security of these clients, but they are also integral to preventing identity theft.
Therefore, maintaining data security and confidentiality is the need of the hour for every CPA firm.
As such, Infinity Globus understands the importance of crucial data that comes into possession of the firms that deal in tax, bookkeeping, accounting, payroll, and related services.
We are extremely committed to maintaining confidentiality and offering utmost security at all levels. We are dedicated to maintaining the utmost security and confidentiality of the data by all means. Keeping that in view, Infinity Globus is a proud SOC 2 Type 2 compliant firm that critically understands its fundamental obligation to extend thorough data protection and security at all levels.
We are dedicated to safeguarding the privacy of the information shared with us. We are proud to be an ISO 27001-2013 certified firm for the most Standard Quality Measures pertaining to Information Security.
Data Security
Infinity Globus has an efficient security policy and a strict privacy protocol that aids in shielding crucial information from unauthorized access and potential misuse. As such, we have stringent policies in place that safeguard essential data by all means.
Data Security
- We possess closed-circuit cameras on our premises that monitor and secure the workplace.
- Our workstation is devoid of CD R/W drives.
- We have disabled USB ports at our workplace.
- Each of our workstations has a fully functional anti-virus software in place that regularly checks recent updates, followed by a quick scan, which occurs every day. We also schedule a boot and full scan on a weekly and monthly basis, respectively.
- We have anti-malware software on each of our computers which carries out a quick scan twice daily.
- Our company’s network is safeguarded by default Windows firewall software.
- We follow a procedure whereby all our computers tend to be password protected for added security. Here too, each of the users possesses a password that gets changed compulsorily every 42 days.
- We maintain varied account management policies, such as the deactivation of accounts after affiliation separation. Simultaneously, the account access requisites are reviewed regularly for potential changes.
- To enable added security, we have session control over all workstations and servers. Furthermore, the server is designed specifically in a way that it gets locked after 5 minutes of unattended time, requiring re-authentication to unlock again. Likewise, each of the computers gets locked after 10 minutes of unattended time, again requiring a re-authentication for unlocking purposes.
- We have numerous operations enabled to prevent data losses. As such, we maintain a previous version backup scheduled twice a day for the said purpose. Also, the differential and full backup are scheduled weekly and monthly, respectively.
- We do not allow the utilization of personal email accounts. Also, we maintain restrictions over access to various internet sites for enhanced security.
- Infinity Globus aims to build a paperless world that not only fosters an eco-friendly environment but also ensures data security.
Data Confidentiality
- There is an access control system installed at the workplace entry point that allows controlled entry into the production area.
- We maintain restricted server room access, and only the IT team is authorized to enter the arena. This entry too, is possible only with an access card.
- We follow measures by which our document storage area is well-secured.
- To the best of our ability, we maintain reasonable control over client data. As such, only authorized users retain access to the confidential information of the clients they are catering to.
- We even follow stringent IP authentication that restricts outsiders from laying hands on the confidential data of the organization.