At SimpleEntry, we understand that tax and financial firms trust us with highly sensitive data. Our security framework is built to meet—and often exceed—IRS, FTC, and international compliance requirements.
Data Protection Standards
- IRS Compliance: We follow IRS Publications 4557 and 5417, and adhere to Section 7216 rules for protecting taxpayer information.
- FTC Safeguards Rule: Our Written Information Security Program (WISP) aligns with the Federal Trade Commission’s guidelines for financial data protection.
- ISO/CMMC/NIST Frameworks: Our policies are modeled on ISO 27001, CMMC, and the NIST Cybersecurity Framework for global best practices.
Key Security Controls
- Multi-Factor Authentication (MFA): Required for all access to client systems and sensitive data.
- Data Encryption: All taxpayer and client data is encrypted at rest and in transit.
- Role-Based Access: Only staff who need access to client data receive it, with strict offboarding controls.
- Incident Response: A documented breach response plan is in place and tested annually.
- Security Awareness Training: All employees receive annual IRS-focused data security training, including phishing awareness and cyber hygiene.
Continuous Compliance with IRS-Grade Tools
- Tenable: We use Tenable, the same compliance and vulnerability assessment tool utilized by the IRS Office of Safeguards, to proactively scan for vulnerabilities and ensure our systems meet the same high standards the IRS holds itself to.
- Microsoft Intune: All devices are managed and secured via Intune, allowing for encryption, secure configurations, and remote wipe capabilities.
- Drata: Our ISO, CMMC and NIST-aligned compliance program is continuously monitored through Drata, giving clients confidence in real-time security oversight.
Safe Remote Work
Our team members access client systems through secure Virtual Desktop Infrastructure (VDI) or VPN connections. No taxpayer data is stored locally — all work happens directly within client-approved environments.
Certifications & Oversight
- Preparer Tax Identification Number (PTIN) Oversight: All tax staff hold active IRS PTIN registrations and follow strict confidentiality rules, in addition to IRS-recognized training programs such as the Annual Filing Season Program (AFSP).
- ISO/CMMC/NIST Alignment: Regular audits ensure our security framework aligns with international standards.
- Continuous Monitoring: Tenable, Drata, and Intune provide layered assurance that our systems stay compliant and secure.
Why This Matters
For clients, this means complete confidence: your data is handled by trained professionals under a security program that meets IRS and FTC standards, monitored daily for compliance, and backed by international best practices — including the very same technology the IRS uses.