Data Security & Written Information Security Plan (WISP)

In accordance with the FTC Safeguards Rule (16 CFR Part 314) and IRS Publication 4557, Mark L. Persitz, CPA, LLC maintains a comprehensive Written Information Security Plan (WISP). This plan is designed to ensure the security and confidentiality of client information, protect against anticipated threats, and prevent unauthorized access.

Administrative Safeguards

The Firm's administrative safeguards are the foundation of our security culture. We perform annual risk assessments to identify potential internal and external threats to the security and integrity of NPI. Our administrative protocols include:

• Regular employee training on "Social Engineering" and Phishing detection.
• Incident Response Plans to be activated in the event of a suspected data event.
• Limited data access policies—employees only access information required for their specific role.

Technical Safeguards

We employ enterprise-grade technology to shield your data from cyber threats. Our technical stack includes:

• 256-bit AES Encryption: All data at rest and in transit is encrypted using industry-standard protocols.
• Multi-Factor Authentication (MFA): Every entry point to our digital systems requires MFA, ensuring that a stolen password alone is not enough to access client data.
• Secure Client Portals: We mandate the use of portals like SafeSend and ShareFile. We discourage the use of unencrypted email for the transmission of Social Security numbers or financial statements.

Physical Safeguards

Protecting data also means protecting our physical workspace. Our office protocols include locked file storage, clean-desk policies, and professional-grade document destruction services for any paper records containing NPI.