Written Information Security Plan (WISP)

I. OBJECTIVE

Our goal in designing and implementing this Written Information Security Plan (WISP) is to create effective administrative, technical, and physical measures for the security of Personally Identifiable Information (PII) held by Daily Tax LLC (dba/aataxescorp). This WISP intends to meet its duties under the Gramm-Leach-Bliley Act and the Federal Trade Commission’s Financial Privacy and Safeguard Rules.

II. PURPOSE

The purpose of this WISP is to:

  1. Ensure the security and confidentiality of our customers’ information;
  2. Protect against anticipated threats or hazards to the security or integrity of such information;
  3. Protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any of our customers.

III. SCOPE

This WISP applies to all employees, contractors, and third-party service providers who have access to sensitive information. It covers all forms of PII, whether electronic, paper, or any other format.

IV. RESPONSIBLE OFFICIALS

The entity Daily Tax LLC is designated as the Data Security Coordinator (DSC). The DSC is responsible for:

  1. Initial implementation of the plan
  2. Employee training
  3. Regular testing of controls and safeguards
  4. Evaluating and monitoring service providers
  5. Periodic evaluation and adjustment of the plan

V. RISK ASSESSMENT

A. Internal Risks

  1. Identify reasonably foreseeable internal threats
  2. Assess the likelihood and potential damage of these threats
  3. Evaluate the sufficiency of existing policies and procedures

B. External Risks

  1. Identify reasonably foreseeable external threats
  2. Assess the likelihood and potential damage of these threats
  3. Evaluate the sufficiency of existing safeguards

VI. SAFEGUARDS AND CONTROLS

A. Administrative Safeguards

  1. Employee Management and Training
    • Annual security awareness training for all employees
    • Background checks for employees with access to sensitive information
    • Confidentiality agreements
  2. Information Systems
    • Access controls (role-based access, least privilege principle)
    • Regular review and update of access rights
    • Secure password policies
  3. Detecting and Managing System Failures
    • Incident response plan
    • Regular system monitoring and logging
    • Vulnerability assessments and penetration testing

B. Technical Safeguards

  1. Network Security
    • Firewalls and intrusion detection/prevention systems
    • Regular software and system updates
    • Encryption for data in transit and at rest
  2. Access Control
    • Multi-factor authentication
    • Unique user IDs and strong passwords
    • Automatic logoff after periods of inactivity
  3. Data Security
    • Data classification system
    • Data loss prevention tools
    • Regular data backups and secure off-site storage

C. Physical Safeguards

  1. Facility Security
    • Access controls (key cards, biometric systems)
    • Visitor logs and escort policies
    • Surveillance systems
  2. Workstation and Device Security
    • Clean desk policy
    • Cable locks for portable devices
    • Secure disposal of physical media

VII. SERVICE PROVIDER OVERSIGHT

  1. Due diligence in selection of service providers
  2. Contractual requirements for maintaining appropriate safeguards
  3. Regular monitoring and review of service provider compliance

VIII. INCIDENT RESPONSE PLAN

  1. Identification of incident response team
  2. Steps for containing and mitigating security incidents
  3. Notification procedures (internal and external)
  4. Post-incident review and plan updates

IX. PLAN MAINTENANCE AND TESTING

  1. Annual review and update of the WISP
  2. Regular testing of safeguards and controls
  3. Documentation of any changes or improvements

X. EMPLOYEE ACKNOWLEDGMENT

All employees must acknowledge receipt and understanding of this WISP. A signed acknowledgment form will be kept on file.

XI. IMPLEMENTATION

This Written Information Security Plan is effective as of December 31, 2021.