Security and Privacy


Federal law requires Jason M. Tyra, CPA, PLLC, hereby referred to as “the firm,” to develop and implement an information security plan (ISP) to create effective administrative, technical and physical safeguards for the protection of client information. This ISP sets forth procedures for evaluating and addressing the electronic and physical methods of accessing, collecting, storing, using, transmitting and protecting client information.

101) Designation of representatives: The firm Principal is designated as the person who shall be responsible for coordinating and overseeing the ISP. This person is hereby referred to as the “representative.” The designated representative may assign or delegate other representatives of the firm to oversee and coordinate elements of the ISP. Any questions regarding the implementation of the ISP or the interpretation of this document should be directed to the representative or his or her designees.

102) Risk identification and assessment and current safeguards: The firm has identified, as part of the ISP, the internal and external risks to the security, confidentiality and integrity of client information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information and implemented the following safeguards for controlling these risks:

Multifactor authentication (MFA): We deploy MFA to all outside network connections.

Least amount of access: We limit access to client information only to those who need such access to perform their duties.

Data loss prevention (DLP): We contract with data storage providers for cloud-based storage of data. Such vendors utilize industry standard measures designed to protect sensitive financial data.

Network access restrictions: We limit access to the network (either remotely or locally) only to those who need such access to perform their duties.

Encryption: We encrypt all data using industry standard protective measures. Remote network connections are also encrypted using a VPN.

103) Design and implementation of safeguards program: The risk assessment and safeguard control policies described above shall apply to all methods of handling or disposing of client information, whether in electronic, paper or other form. The representative will, on a regular basis, implement safeguards to control the risks identified through such assessments and regularly test or otherwise monitor the effectiveness of such safeguards in relevant areas of the firm’s operations, including:

Employee management and training: The representative will evaluate the effectiveness of the firm’s procedures and practices relating to access and use of client information. This evaluation will include assessing the effectiveness of the firm’s current policies and procedures in coordination with relevant departments, as appropriate, as well as adequate training of employees. Procedures include:

  1. Performing criminal background checks for all newly hired employees.
  2. Requiring all employees to read and agree to the firm’s confidentiality and security standards for handling client information, including the firm’s “Bring Your Own Device” policy.
  3. Limiting access to client information to only those employees with an articulable need for such access.
  4. Imposing disciplinary measures for security policy violations.

Information systems: The representative will assess the risks to financial information associated with the firm’s information systems, including network and software design, information processing and the storage, transmission and disposal of financial information. The representative will coordinate with relevant departments, as appropriate, to assess the following procedures:

  1. Knowing where sensitive customer information is stored and storing it securely, making sure only authorized employees have access.
  2. Taking steps to ensure the secure transmission of customer information.
  3. Disposing of customer information in a secure way and, where applicable, consistent with the FTC’s Disposal Rule.

Detecting and managing system failures: The representative will evaluate procedures and methods of deterring, detecting, preventing and responding to attacks or other system failures and existing network access and security policies and procedures, as well as procedures for coordinating responses to network attacks and developing incident response teams and policies. The representative may elect to delegate the responsibility for monitoring and participating in the dissemination of information related to the reporting of known security attacks and other threats to the integrity of networks utilized by the firm, and will coordinate with relevant departments, as appropriate. Procedures include:

  1. Monitoring the websites of the firm’s software vendors and reading relevant industry publications for news about emerging threats and available defenses.
  2. Maintaining up-to-date and appropriate programs and controls to prevent unauthorized access to customer information.
  3. Taking steps to preserve the security, confidentiality, and integrity of customer information in the event of a breach.

104) Protocols to select service providers that can maintain appropriate safeguards: The representative shall coordinate with those responsible for the third-party service procurement activities to raise awareness of, and to institute methods for, selecting and retaining only those service providers that maintain appropriate safeguards for client information. The representative will also oversee the handling of client information by third-party service providers as follows.

  1. Finding a local service provider;
  2. checking the references of the potential service provider;
  3. providing the potential service provider a copy of the ISP and requesting a review of the ISP by the potential service provider;
  4. obtaining a copy of the potential service provider’s ISP as it relates to client data;
  5. confirming the potential service provider has experience with the firm’s type of practice;
  6. inquiring if the potential service provider has experience to support the firm’s hardware and software; and
  7. checking for the potential service provider’s certifications and partnerships with major manufacturers.

105) Procedures for the evaluation and periodic adjustment of the ISP: The representative will evaluate and adjust the ISP based on the risk identification and assessment activities undertaken pursuant to the ISP, as well as any material changes to the firm’s operations or other circumstances that may have a material impact on the ISP as follows.

  1. Designating an unrelated party to evaluate security risks periodically;
  2. scheduling and performing semiannual meetings with service provider personnel; and
  3. regularly discussing staff experiences with the service provider for any security concern.

Privacy Policy

We recognize that you may be concerned about our use and disclosure of your personal information. Your privacy is very important to us, and the following will inform you of the information that we, Jason M. Tyra, PLLC, may collect from you, and how it is used. By using our website, www.jmtyralaw.com, you are accepting the practices described in this policy.

Information Collection

We may collect non-personal information, such as a domain name and IP address. The domain name and IP address reveal nothing personal about you other than the IP address from which you have accessed our site. We may also collect information about the type of Internet browser you are using, operating system, what brought you to our Website, as well as which of our Web pages you have accessed.

Additionally, if you communicate with us regarding our Website or our services, we will collect any information that you provide to us in any such communication.

We may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Information Use

We use the collected information primarily for our own internal purposes, such as providing, maintaining, evaluating, and improving our services and Website, fulfilling requests for information, and providing customer support.

Consent

By using this Website, you consent to the collection and use of information as specified above. If we make changes to our Privacy Policy, we will post those changes on this page. Please review this page frequently to remain up-to-date with the information we collect, how we use it, and under what circumstances we disclose it. You must review the new Privacy Policy carefully to make sure you understand our practices and procedures.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at (972) 737-4456 or via mail to Attn: Privacy Officer, 1700 Pacific Ave., Suite 4710, Dallas, TX 75201.