Richards & Associates, CPAs
Privacy Policy
To Our Valued Clients:
Your privacy is important to us, and maintaining your trust and confidence is one of Richards & Associates, CPAs’ highest priorities. The law requires us to disclose our Privacy Policy to you—which we are more than happy to do. We hope that by taking a few moments to read it, you willhave a better understanding of what we do with the information you provide us and how we keep it private and secure.
How We Secure Confidential Information?
Richards & Associates, CPAs, uses a highly secured intranet site hosted by Webex, the largest provider of secured online collaboration services. Attached is a copy of the Security White Paper issued by Webex (formerly Intranets.com). We use 128-bit Secure Socket Layer (SSL) encryption for our sites, with all transmissions encrypted accordingly. See the attached Security White Paper for more information on this security for transmitting all data.
Access to all folders stored on our secured intranet site is controlled by Management.
Management assigns permissions for those folders based on the employees’ “need to know”.
Permissions for folders are enforced by the Webex security program. See the attached Security
White Paper for more information on limiting permissions for data.
How is Data Stored?
All client data is stored on our secured intranet site hosted by Webex. Please see the attached Security White Paper from Webex (formerly Intranets.com) for more information on their security procedures for our secured site. With the exception of general accounting information, nothing related to your Credit Union is stored on the hard drives of our company computers. All Richards & Associates, CPAs, employees work directly from the secured intranet site using web folders.
By working within our secured intranet site, all of our work papers, including files related to your Credit Union, are password protected at all times. In the event a file would be unencrypted and downloaded to one of our company computers, it is saved back to the secured intranet site and immediately deleted from the computer hard drive.
01/2007
2 Richards & Associates, CPAsPRIVACY POLICY
Information Shared with Other Parties
Richards & Associates, CPAs, partners with another accounting firm for the clerical aspect of the preparation of audited financial statements. That other accounting firm assists us with the preparation of your financial statements using information posted to the NCUA or ASI websites (call reports). In addition to that publicly disclosed information obtained from the NCUA or ASI website, we provide the firm with some supplementary financial information. Under no circumstances is any member-related information shared with this firm. Transmission of general financial information is shared via our secured intranet site, using SSL encryption technology.
With the exception of the partnership mentioned above, Richards & Associates, CPAs does not share any information with other parties. However, we are required to submit certain financial reports directly to some regulatory agencies. Those reports are sent via common carriers, mostly using United Parcel Service (UPS). This allows us to track packages sent to regulatory agencies.
If electronic files are sent to any parties, it is done through our secured intranet site using SSL security to encrypt those files.
How Long is Audit Information Maintained?
All work papers related to your engagement are stored electronically at our secured intranet site in compliance with state accountancy laws. We keep a detailed log of all electronic files stored at the secured intranet site. While we try to minimize the amount of paper generated in your engagement, that is not entirely possible. All files containing paper documents are stored in highly secured storage facilities in Marina del Rey and Corona, California. After the retention period prescribed by state accountancy laws, all audit documentation is shredded by a reputable firm. The storage boxes are picked up and loaded in the presence of a Richards & Associates,
CPAs representative.
All client data in electronic format is stored at our secured intranet site. Webex uses industry accepted back up procedures to ensure the integrity of the information. We do not store any client supplied information on company computers or other storage media. Richards & Associates, CPAs employees place a high priority on security and prohibited from permanently storing any client supplied information on their computers. This policy is enforced with periodic spot checks, and disciplinary action for any willful violations.
How Do We Secure Computers Used by Our Staff?
Because of the nature of our business, it is not practical for auditors to store their computers in a centralized office. We do require auditors to keep their computers in their personal possession at all times and not to leave equipment unattended. As mentioned earlier, no client related data is to be stored on company computers. If a computer were to be stolen or misplaced, that employees membership to the secured intranet site would be immediately cancelled, protecting all sensitive information.
01/2007
3 Richards & Associates, CPAsPRIVACY POLICY
All of Richards & Associates, CPAs employees are required to use a password to access their
company computers. The computers are programmed to go into the stand-by mode after ten
minutes of inactivity, requiring that password to resume activity.
As mentioned previously, all client-related information is stored at our secured intranet site
hosted by Webex. We believe their password protected system prevents any unauthorized access
through online connections. Richards & Associates, CPAs, employees are prohibited from
storing any client related information on their company computers.
Furthermore Richards & Associates, CPAs employees are not allowed to have their company
computer remember passwords into the secured intranet site. Therefore the correct ID and
password is necessary each time the secured intranet site is accessed. This would prevent a
breach of security through unauthorized access via online connections.
How Do We Screen Associates Who Are Assigned to Your Engagement?
As part of our hiring procedures, we perform a comprehensive background check of all
applicants. Those background checks are performed by an independent agency, Infolink
Screening Services, Inc.
* * * * *
Thank you for allowing us to serve your auditing needs. We value your business and are
committed to protecting your privacy and that of your members. We hope you view our firm as
your most trusted provider of auditing services, and we will work to continue earning your trust