Davis & Hodgdon Associates CPAs is committed to protecting your privacy and sensitive information. To achieve this we have instituted the following measures.
COLLECTION, STORAGE AND RETENTION OF INFORMATION
- Our firm is committed to limiting the amount of personal information collected, the time such information is retained, and to limit it to associates who are required to know such information.
- Any paper records containing sensitive client or third-party information is scanned and kept under lock and key when not in use and returned to you upon completion of work. Any computer file containing this type of information is kept password-protected.
- Strict record retention guidelines are in place to ensure that sensitive information is kept on file for the least amount of time.
- A certified shredding service is used to dispose of paper records with sensitive information. The shredding process is done on-site and verified by a trained professional.
- We DO NOT accept USB. A secure web portal has been set up for you to transmit information securely.
TRANSMISSION OF SENSITIVE INFORMATION
- Information, unless otherwise requested, is only transmitted directly to you or to an authorized third party through the Firm’s secure web portal or encrypted email. Written consent by you is required for transmitting information to a third party (such as a bank or insurance agent).
- For security reasons our preference is to use a secure, encrypted form of transmitting your information, either via the secure web portal, encrypted email or password-protected documents.
- The Firm has implemented policies to include secure user authentication protocols and secure access control measures.
- During instances when it is necessary to bring records off-site, only the minimum information necessary will be brought; electronic records are password-protected and encrypted.
- Firm-wide security awareness training is provided annually to reinforce security measures.
- An appointed information security coordinator continually monitors and assesses all of the information safeguards to determine when upgrades may be necessary.
- We use a Certified IT vendor to focus 100% on the strength and security of our IT systems.
- We voluntarily engage in a bi-annual IT Security audit to ensure that our systems are as secure as possible.
Inquiries regarding this policy should be directed to Kathryn C. Diedrichsen, Chief Operating Officer, at email@example.com.