top of page
Tradepass International Tax Logo

Written Information Security Plan

Prepared By: Andrea Ricci, Certified Public Accountant (hereafter, "the CPA")
Business Name: Tradepass International Tax, LLC
Effective Date: March, 26 2025
Last Reviewed/Updated: March, 26 2025

1. Purpose

This Information Security Plan is designed to:

  • Ensure the security, confidentiality, and integrity of taxpayer information.

  • Protect against anticipated threats or hazards.

  • Guard against unauthorized access or use that could result in harm or inconvenience to clients.

2. Scope

This plan applies to all taxpayer information received, stored, processed, or transmitted by the CPA in the course of business operations.

3. Risk Assessment

As a sole proprietor, the CPA has evaluated potential risks in the following areas:

  • Physical security of office space and documents.

  • Access control to computers and software.

  • Network security, including protection against viruses, malware, and unauthorized access.

  • Data disposal practices.

4. Information Security Program Components

A. Employee Management and Training

  • As a sole proprietor, the CPA is the only individual accessing taxpayer data.

  • CPA keeps current on threats and updates to best practices.

B. Physical Security

  • Office access is restricted with locks on doors and filing cabinets.

  • Documents with sensitive data are never left out in the open.

  • Paper documents are shredded using a cross-cut shredder before disposal.

C. Access Controls

  • Computers are password protected with unique, complex passwords.

  • Automatic screen locks activate after 5 minutes of inactivity.

  • No one else is permitted access to CPA systems or client records.

D. Encryption & Data Storage

  • Taxpayer data is stored on encrypted hard drives and/or cloud-based systems with encryption at rest and in transit.

  • Sensitive emails are encrypted or sent through secure portals.

  • Backups are stored securely, either on encrypted external drives or encrypted cloud backup solutions.

E. Anti-Virus & Software Updates

  • Anti-virus and anti-malware software is installed and updated regularly.

  • All systems are kept up to date with security patches.

  • Firewalls are enabled on all devices and routers.

F. Secure Disposal

  • Paper documents: Shredded.

  • Digital files: Permanently deleted using secure erase tools.

5. Data Breach Response Plan

If a data breach occurs:

  1. Immediately investigate and contain the breach.

  2. Report to IRS at databreach@irs.gov and the FTC as required.

  3. Notify affected clients and state tax authorities, if applicable.

  4. Document the incident, findings, and response actions.

6. Program Review and Maintenance

  • The CPA will review this plan annually and update it as needed in response to changes in technology, threats, or business practices.

7. Contact Information

CPA Name: Andrea Ricci
Email: aricci@tradepass.tax
 

bottom of page