Justice Tax & Accounting, LLC
118 E Oak Ridge Dr
Hagerstown, MD 21740

Effective Date: 08/22/2025
Approved By: Laura Justice, Owner

Justice Tax & Accounting, LLC (“the Firm”) is committed to safeguarding sensitive taxpayer data in compliance with Internal Revenue Service (IRS) Publication 4557, the Gramm-Leach-Bliley Act (GLBA), and the FTC Safeguards Rule. This Written Information Security Program (WISP) outlines administrative, technical, and physical safeguards designed to protect client information from unauthorized access, disclosure, misuse, or destruction.
 

This policy applies to all employees, contractors, and third parties with access to taxpayer data at the Firm’s office and through remote connections.

The Firm designates Laura Justice, Owner, as the Information Security Coordinator responsible for implementing, maintaining, and enforcing this WISP.
 

Responsibilities include:
- Conducting risk assessments.
- Overseeing employee training.
- Reviewing safeguards annually or upon material changes.
- Responding to and documenting security incidents.

The Firm identifies and evaluates potential risks to client information, including:
- Physical risks: Unauthorized office access, theft of paper files, or hardware.
- Technical risks: Malware, phishing, ransomware, unauthorized access to computers, cloud accounts, or client portals.
- Administrative risks: Insider threats, lack of employee training, weak passwords, and improper data disposal.
 

Risks will be re-assessed annually or when business operations materially change.

Administrative Safeguards
- Background checks are conducted on employees with access to taxpayer data.
- All employees sign confidentiality agreements.
- Annual security awareness training covers phishing, password management, and data handling.
- Policies prohibit the use of personal devices or email accounts for taxpayer data.
 

Technical Safeguards
- Passwords must be at least 12 characters and updated every 90 days.
- Multi-Factor Authentication (MFA) is enabled for all remote access.
- Computers are protected with current antivirus software, firewalls, and automatic security updates.
- Data is encrypted both at rest and in transit (e.g., secure client portal, encrypted email for sensitive documents).
- Backups are performed daily and stored securely offsite or in a secure cloud service.
 

Physical Safeguards
- Office is locked outside of business hours; only authorized personnel have keys.
- File cabinets with taxpayer data are locked when not in use.
- Computer screens are locked when unattended.
- Paper records containing taxpayer data are shredded using a cross-cut shredder before disposal.

The Firm ensures that all third-party vendors (e.g., tax software providers, cloud services) handling taxpayer data maintain appropriate safeguards and sign confidentiality or data-processing agreements.

- Taxpayer records are retained in accordance with IRS and state requirements.
- Upon expiration of retention periods, records are securely destroyed via shredding or permanent deletion.
- Hardware is wiped using Department of Defense (DoD) standards before disposal.

In the event of a security incident (e.g., data breach, lost laptop, ransomware):
1. Contain the breach (disconnect affected systems).
2. Notify the Information Security Coordinator immediately.
3. Investigate and document the incident.
4. Notify the IRS Stakeholder Liaison and local law enforcement if taxpayer data is compromised.
5. Notify affected clients promptly in writing.
6. Review safeguards and implement corrective measures.

This WISP will be reviewed annually by the Information Security Coordinator to:
- Assess risks and safeguards.
- Ensure compliance with IRS and FTC requirements.
- Update policies and training as needed.