More and more CPA firms are adopting cloud computing to save themselves and their clients time and money. While the benefits of cloud computing are undeniable, CPA firms have certain professional liability implication they need to understand before moving their client's data to the cloud.
According to the Code of Professional Conduct there are three main considerations for CPA’s with regards to cloud computing:
- The CPA should enter into an agreement with the third party regarding the maintenance of confidentiality of client information
- The CPA should take steps to reasonably assure him/herself that the third party has appropriate procedures in place to maintain confidentiality
We utilize the best technology and solutions to ensure that your client's data remains confidential - including: using the highest level of encryption to protect data, every 30 min backups, PCI compliance (including monthly vulnerability scans by a third-party), and housing all data in SOC 2 data centers.In addition, we have had our systems (including our financial stability) vetted by both Intuit and the Managed Service Provider (MSP) Alliance as part of becoming and Intuit Authorized Commercial Host and an Accredited Managed Service Provider.
- The CPA should disclose the use of third-party service providers to its clients, preferably in writing, before disclosing confidential information to the third party
We recommend that our CPAs who are not using the system with their clients, but are storing the client's data on our system, include this disclosure as part of their letter of engagement with their clients.
The AICPA recently published a great article on just this topic that I recommend you check out: "Professional Liability Risks Related to Cloud Computing." It even includes a Cloud Vendor Checklist to help CPAs in selecting and vetting cloud computing providers.