FTC Safeguards Rule
Under the rule, your firm is a financial institution. That means a written information security program with real controls behind it. We build yours and keep it current.
Security and compliance
Be the hard target. Attackers move on to an easier mark.
When an attacker hits a firm with this posture, they give up and look elsewhere. We make sure that is never you, and we give you proof you can hand your own clients.
Talk to a guru now How it actually works
Your WISP: written, enforced, and proven.
A written information security program is worthless if it sits in a binder. We write your WISP, then configure your systems so the policies actually run. And it starts on day one. Compliance is woven into every conversation and every configuration, never patched on after the fact.
1
Write the WISP
A real, firm-specific information security program mapped to the standards you answer to.
2
Enforce it in the systems
We configure your environment so the policies are technically enforced, not left to good intentions.
3
Prove it, continuously
We monitor, test, and improve the controls, and give you evidence you can show clients and regulators.
Your rules, handled from day one
Built for the rules your firm lives under.
Your compliance obligations are the FTC Safeguards Rule and IRS Publication 4557. Meeting them is baked into how we set your firm up from the first day, not a project we get to later.
IRS Publication 4557
Safeguarding taxpayer data is not optional. We align your systems to Pub 4557 so you can show the IRS, and your clients, that you take it seriously.
And the standard we hold ourselves to: SOC 2 Type 2
SOC 2 is not something your firm needs. It is how we prove we practice what we configure. Every year an independent accounting firm audits us and verifies that we follow our own written controls. The data center that hosts your applications is SOC 2 Type II audited as well.
See the evidence in our Trust Center What runs on every client
Security in layers, not in one lock.
No single control keeps a firm safe. We run layer on top of layer, from the endpoint to the cloud, all watched around the clock by our security and network operations center.
- A security and network operations center watching your firm 24/7/365
- Multi-factor authentication on every account
- Managed threat detection (EDR) on every device
- Microsoft 365 Secure Score, raised quarter over quarter
- Data loss prevention (DLP)
- Single sign-on (SSO)
- Security awareness training for every user
- Password management, monitored, not just installed
- Administration and permissions for the other apps in your stack, wherever we can get admin access
- Cloud-to-cloud Microsoft 365 backup
- US-based, SOC 2 Type II audited data center in Minneapolis, MN
- Nightly offsite backups & automated test restores
- Continuous security research, with new protections rolled out as threats evolve
- Background-checked team
Proof you can hand a client
Turn your security into a reason bigger clients say yes.
When a prospective client asks how you protect their data, you have a real answer, with evidence the controls are running. Our clients have made that answer part of their own pitch, and raised their rates to match.
We also help you lead your clients on security: secure ways to send and receive documents, sensible guidance you can pass along, and a posture that makes your firm the one they trust with more.
Make your firm the hard target.
Book a discovery call. We will look at where your security stands today and show you exactly what it takes to be the firm attackers skip.
Talk to a guru nowNo long-term contract. No hour caps. No minimums. 60-day cancellation any time. We earn it every month. · (800) 692-6096