What size firms does this apply to?

The FTC Safeguards Rule applies to firms of all sizes. There are a handful of items that aren’t required if you have access to less than 5,000 records of PII. Do note, if you have access to your client’s customers, that also counts as a PII record.

Simple Example: You have 1,000 clients on QBO and access to all of their books & customers. Each one of your clients has 100 customers of their own. You would effectively have access to  100,000 records.

How much does getting compliant with you cost?

This answer will vary a lot depending on the size of your accounting firm, the current measures that are already in place, how much work will go into getting you compliant to begin with. 

The first phase of compliance is similar to a QuickBooks cleanup. The scope is going to vary so much that there isn’t a blanket answer for everyone.

Why is this required?

Due to COVID and the giant increase of cyber attacks, it has been determined that all service providers need to be doing more to ensure their clients’ data is safe.

Can my current tech person do this for me?

This is similar to the “my brother’s friend’s son is a sophomore in college for accounting and is doing my corporate returns.”

Simple due diligence: You can ask them “What are we doing to be compliant with the June 9th deadline?” – if there is a puzzled face of bewilderment or long pause on the phone, they may not be qualified to handle that piece of your business. We can work alongside existing IT employees / teams / providers to ensure your compliance, fill the gaps, and let them continue to handle your day-to-day work.

You can also ask to see if they are Safeguards Certified Technology Providers and get verification that way: