Cyber Security Policy (Last Updated: 10/01/2024)

Purpose and Scope

This policy establishes comprehensive measures to safeguard Tax Processors Plus digital assets, ensuring confidentiality, integrity, and availability. It applies to all employees, contractors, and third-party vendors who interact with our systems and data.

Responsibilities

General Responsibilities:

a) Employees must protect login credentials, use company devices solely for business purposes, and report security concerns immediately.

IT Department:

a)Implements and monitors security controls, ensures systems are updated with the latest patches, and conducts regular audits to identify vulnerabilities.

Management:

a) Allocates necessary resources to maintain robust cybersecurity practices and enforces adherence to this policy.

Security Controls

Access Management:

a) Password policies and two-factor authentication (2FA) ensure authorized access to sensitive data. Tax Processors Plus uses secure tools like ZOHO OneAuth for credential management.

Network Security:

a) Firewalls, intrusion detection systems, and encryption safeguard data in transit and at rest.

Vulnerability Management:

a) Regular assessments and penetration testing are conducted to identify risks proactively.

Training and Awareness

Employees receive ongoing training to recognize cyber threats, handle sensitive data, and respond appropriately to potential breaches. Awareness programs cover best practices for phishing prevention and data security.

Regulatory Compliance

Tax Processors Plus adheres to industry standards such as HIPAA, SOC2, PCI-DSS, and GDPR, ensuring compliance where applicable.

Policy Modifications

Tax Processors Plus reserves the right to amend this policy at its discretion. Clients will be notified of any changes before they take effect.