Security of Your Information
As your accounting and financial services firm, we are pleased to have earned your trust and confidence. We understand the value you place on the security and privacy of your information. At Davis & Hodgdon we take extensive measures to make sure that your information is protected from loss and theft.
In response to our clients' desire for security assurance, the firm engaged DominionTech Computer Services in February 2013 to perform a series of tests to assess the firm's policies and procedures and identify any potential security risks. Please refer to the following letter of commendation validating the firm's security posture: Letter of Security Assurance.
PROTECTION OF YOUR INFORMATION
Protecting your information is our top priority. Our firm maintains a physically secure office and computer network. The firm runs a paperless practice; however, at times paper files are required. In those instances, paper files are scanned into our secure network and promptly returned to the client. If paper copies of information are required to be retained, all documents are kept in a secure, locked location.
To combat external risk and protect the security of our network and all data, we have implemented a VERY strict and comprehensive set of protocols for all computer and network use. These protocols include:
- Secure user authentication protocols
- Secure access control measures
- Encryption on public and private networks
- Encrypted and monitored laptops, portable devices and wireless devices
- Regularly scheduled deployment of security updates and antivirus patches
- Annual Staff education program
DISCLOSURE AND TRANSMISSION OF YOUR INFORMATION
As a service to our clients we offer a secure portal - an online storage space that is password protected and able to house their most important information, forms and documents. All of these items are easily accessed - 24/7.
Information is not to be given to a third party or unauthorized individual (bank, employer, financial advisor, etc.) without a written consent form completed by the client.
When there is a need to bring records containing sensitive information off-site, only the minimum amount of information necessary will be taken; electronic records will be password-protected and encrypted, and paper records will be kept behind lock and key. Records brought off-site are returned to the Davis & Hodgdon Associates office immediately following completion of off-site work.
It is the policy of Davis & Hodgdon Associates to wipe all laptops clean and delete all client-related and sensitive data promptly upon return of the laptop by the staff member using it.
Staff is prohibited from copying or transporting files on a personal device, such as a laptop, USB or smart phone.
To minimize transporting sensitive information, staff has access to work computers from home using an encrypted VPN network.
Under no circumstances are documents, electronic devices (including laptops), or digital media left unattended in an employee’s car, home, or in any other potentially insecure location.
COLLECTION OF YOUR INFORMATION
Davis & Hodgdon Associates CPAs is committed to limiting the amount of personal information collected to that which is reasonably necessary to accomplish the legitimate purpose for which it is collected; limiting the time such information is retained to that reasonably necessary to accomplish such purpose; and limiting access to those persons who are reasonably required to know such information in order to accomplish such purpose.
All employees are responsible for maintaining the privacy and integrity of sensitive information in accordance with the firm’s Confidentiality Policy. Any paper record containing sensitive information about any client or third party must be kept behind lock and key when not in use.
When disposing of paper records containing sensitive information, a cross-cut shredder or outside shredding service will be used. Similar appropriate electronic methods will be used for disposing of electronic media.
Davis & Hodgdon Associates conducts regular internal network security audits in which all server and computer system logs are evaluated for any possible electronic security breach. These audits will be performed every 90 days.
On an annual basis, the Firm has a qualified outside provider conduct an internal and external information security audit on all policies, procedures, and hardware, software and network services used by the Firm.
We offer a secure web portal to aid in the transmission and storage of your sensitive information. When using your web portal, you can be assured that your information is in the most secure location available. We take every precaution to guarantee the safety and integrity of your data.
The web portal has the following secure infrastructure features:
- Around-the-clock internal security monitoring
- Load-balancing devices and a security infrastructure that provides built-in safeguards to prevent “Denial of Service” (DoS) attacks and ID spoofing
- Multiple levels of security (known as Defense in Depth) that allow for elevated levels of control
- Highest level of encryption
- Secure password protection for local and remote access
If you have any questions or would like additional information on our Security Policies, please contact our office.