Security of your client’s data is our highest priority. As a TaxCaddy user, your client will benefit from best-in-class technology, data centers, and infrastructure to meet the strict requirements of the most security-sensitive CPA firms in the world.
TaxCaddy is built with layers of protection across a secure, reliable infrastructure. TaxCaddy leverages the Microsoft Azure cloud to ensure data security through encrypted communications, threat management, and threat mitigation practices, including regular penetration testing. TaxCaddy uses Amazon Web Services for secure, reliable storage. TaxCaddy documents and data are encrypted in transit and at rest using Amazon’s best-in-class Secure Socket Layer and Server-Side Encryption technologies.
Testing and Validation
TaxCaddy has been audited, tested, and validated by C-Level Security, LLC. C-Level Security is an independent, security-focused consulting firm employing leaders in the industry. TaxCaddy was found to enforce security controls to support a secure processing solution. The C-Level security attestation can be downloaded at taxcaddy.com. Additionally, TaxCaddy is used by two of the largest CPA firms in the world, and it’s been through their rigorous security testing and validation.
SOC 2 Audit
SurePrep, the developer of TaxCaddy, received a SOC 2 Type 1, an independent service auditor’s report on controls relevant to security, availability, confidentiality, and processing integrity set forth by the AICPA Trust Services Criteria.
Credentials for TaxCaddy Smart Links accounts are encrypted from the moment they’re entered, so nobody can ever see or steal data as it is transmitted to or from the account. No matter what device is used, from desktop browser to mobile phone, data is always sent using 256-bit Secure Socket Layer encryption.
Tax documents are delivered directly to the client’s TaxCaddy account—no other service gets access to the documents, nor are they stored anywhere else. If your client chooses to delete any of the documents in their TaxCaddy account, those documents are permanently deleted—the taxpayer maintains full control of their tax documents. The taxpayer can delete any (or all) of their Smart Links at any time. When a Smart Link is deleted, the encrypted username and password information is deleted immediately.
Passwords and Two-Factor Authentication
To help keep TaxCaddy safe, the system requires a strong password that includes a number, a special character, both uppercase and lowercase letters, and a minimum of 8 characters.
TaxCaddy uses two-factor authentication to help keep the account secure by prompting the taxpayer to enter their password and a unique, one-time verification code each time they log in. Although the taxpayer can select “Don’t ask me for verification again on this computer,” we recommend keeping the two-factor authentication enabled on all devices.
We regularly review and update security policies; provide security training; perform application and network security testing, including penetration testing; monitor compliance with security policies; and conduct internal and external risk assessments.