Do you have federal tax information (FTI) in your possession? If yes, did you know that, if you do not comply with IRS-1075, you would not only face legal action, but even criminal penalty?
The Internal Revenue Service (IRS) has released a Publication 1075 (abbreviated as IRS-1075), which gives detailed information about the processes, checks, commitments and measures needed to maintain confidentiality of FTI data received by anyone from the IRS department. These rules apply no matter how little or how significant the data might seem and to all means of storage regardless of paper or electronic. It covers all states of data right from receipt, transfer, storage, usage, access, transmit to disposal.
Some of the controls needed are as follows. These include both electronic and physical:
1. Record Keeping Requirements: Maintain a persistent system of all FTI records and anything related to it, including access rights.
2. Secure Storage: Details about the physical and electronic security of place where FTI data is kept. It includes things like restricted area, authorized access, locks & keys, safes/vaults, transportation security, security of computers and storage media.
3. Restricting Access: Details related to access of FTI data.
4. Reporting Requirements: Periodic reports like SAR (Safeguard Activity Report) and SPR (Safeguard Procedures Report) need to be sent to IRS.
5. Training and Inspections: Awareness about security and annual certification of employees. Annual inspections are also needed to validate proper implementation.
6. Disposal: Proper standards related to FTI data disposal for physical and electronic media.
7. Computer System Security: Probably the most complex and detailed section of this regulation related to everything from access control, cryptography, emails, networking to wireless technologies and any emerging technologies.
Whether you have your own private data center or are using a shared one for storing the FTI data, the IRS-1075 rules apply to all. If you feel overwhelmed by the above details, find out how easily you can abide by these guidelines by visiting https://lifelinedatacenters.com/.