Written Information Security Plan (WISP)

Sterwyn Financial is committed to safeguarding client data and complies with IRS and FTC security standards.

How We Protect Your Information

Effective Date: 04/01/2024

1. Introduction

Sterwyn Financial is committed to safeguarding the confidential personal and financial information of our clients.
This Written Information Security Plan (WISP) is established in compliance with the Federal Trade Commission’s (FTC) Safeguards Rule, Internal Revenue Service (IRS) Publication 5708, and IRS Publication 4557.

As the sole owner and operator, Lane Miller is responsible for implementing, maintaining, and updating all security measures described in this plan.

2. Objectives

  • Protect client information from unauthorized access, use, or disclosure.

  • Comply with applicable federal, state, and industry data protection regulations.

  • Respond effectively to security breaches or data compromise incidents.

  • Maintain client trust and safeguard sensitive taxpayer data.

3. Risk Assessment

Lane Miller routinely identifies and assesses potential risks to client information, including:

  • Unauthorized access to digital or physical client files

  • System vulnerabilities (e.g., outdated software, unsecured networks)

  • Phishing attacks, social engineering, and human error

  • Loss or theft of devices containing client data

Risk assessments are reviewed at least annually or following any security incident.

4. Safeguards and Controls

Sterwyn Financial employs the following safeguards, overseen directly by Lane Miller:

  • Secure firewall and antivirus protection across all devices

  • Encryption of sensitive client information both at rest and in transit

  • Multi-factor authentication (MFA) for all system access

  • Regular password updates and enforcement of strong password protocols

  • Restricted physical access to work devices and records

  • Data backup and secure cloud storage solutions

5. Data Handling Policies

  • Storage: Client data is securely stored on encrypted, password-protected systems.

  • Access: Only Lane Miller accesses client information.

  • Transmission: Sensitive documents are transmitted through encrypted email or secure portals.

  • Disposal: Outdated client files are securely deleted or destroyed.

6. Incident Response Plan

In the event of a security breach, Lane Miller will:

  1. Immediately contain and assess the breach.

  2. Identify the scope and nature of any data compromise.

  3. Notify affected clients and the IRS as required by law.

  4. Cooperate with appropriate law enforcement and regulatory agencies.

  5. Implement corrective measures to prevent future incidents.

7. Employee Training

As the sole employee, Lane Miller maintains personal and ongoing education in:

  • Information security best practices

  • Recognizing and responding to phishing and cybersecurity threats

  • Proper data handling, client confidentiality, and reporting procedures

8. Periodic Security Reviews

Lane Miller conducts regular reviews to:

  • Evaluate existing security protocols

  • Update risk assessments as threats evolve

  • Improve or adjust security practices accordingly

Reviews are conducted annually or after any significant security event.

9. Plan Oversight

Lane Miller serves as the designated Security Coordinator, solely responsible for:

  • Maintaining and updating the WISP

  • Performing annual risk assessments

  • Ensuring compliance with applicable regulations

  • Managing responses to security incidents

10. Compliance

Sterwyn Financial affirms full compliance with:

  • FTC Safeguards Rule

  • IRS Publication 5708: Creating a Written Information Security Plan

  • IRS Publication 4557: Safeguarding Taxpayer Data

Lane Miller is solely responsible for upholding these standards.

📩 Questions

For any inquiries regarding information security policies, please contact:
📧 LMiller@sterwynfinancial.com 
