Privacy

for you and your client

ABACA respects the privacy rights of its clients, partners and employees and has always been committed to protecting all personal information in our possession or control. We have adopted a comprehensive Privacy Policy to posit how we collect, use and disclose the personal information we require in the course of fulfilling our professional responsibilities and operating our business. ABACA deploys a robust and high performance Cloud- Enterprise delivery system with multi-layered security. With advanced systems authorization and protocols and strict privacy policies in place, we provide our clients with an extremely efficient and stringently secure environment one that first and foremost, takes into account the need and respect for the privacy and confidentiality of all of our clients information and data. ABACA's policy is to at all times adhere to the requirements of the law and our professional responsibilities, and to be responsive to our clients, partners and employees who expect us to respect their privacy and protect their personal information. Our Privacy Policy clearly defines our ongoing commitment to protecting privacy rights and a number of the practices reflect requirements set out in both federal and provincial privacy legislation. All personal information that ABACA collects, uses, retains, discloses, and disposes of is in conformity and guided by criteria that is set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA. Principle 1 We are accountable for the personal information in our possession. ABACA is accountable for all personal information in our possession or control. We have established policies and procedures aimed at protecting personal information. Principle 2 We will inform our clients as to why we are collecting personal information when the information is collected. In most instances, ABACA will collect, use or disclose personal information about clients only for the purpose of providing professional services. We will explain why we require the information, what use will be made of it in order to provide professional services. Personal information may be disclosed internally for the purpose of determining compliance with applicable standards, internal policies, or in the performance of quality control reviews. Principle 3 We will collect, use or disclose personal information only with our clients informed consent. The Terms and Conditions of every ABACA professional services contract documents and provide details pertaining to the collection and/or use of client Information. By signing the Professional Services Agreement, the client will provide its consent to the collection, use and disclosure described in the Terms and Conditions. Principle 4 We limit the amount and type of personal information we collect. ABACA will limit the collection of personal information to that which is reasonably required to provide our services or operate our business. Principle 5 We will use and disclose personal information only for the purposes for which we have consent. We will keep personal information only as long as necessary to accomplish these purposes. ABACA may use personal information without consent for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual. Principle 6 We will endeavor to keep accurate the personal information in our possession or control. In order to provide clients with a professional level of service, the personal information that we collect must be accurate, complete and current. From time to time, clients may be asked to update their personal information. Principle 7 We protect your personal information with safeguards appropriate to the sensitivity of the information. ABACA will protect personal information by using physically secure facilities, industry standard security tools and practices, and clearly defined internal policies and practices. Security measures are in place to protect the loss, misuse and alteration of the personal information under our control. Personal information is stored in secure environments that are not available to the public (e.g., restricted access premises, locked rooms and filing cabinets). Personal information is never processed or stored outside of Canada.

Vancouver

Calgary

Toronto


Principle 8 We will be open about the procedures used to manage your personal information. The most up-to-date version of our privacy policy is available in its entirety at www.abacasolutions.com Principle 9 At their request, we will advise individuals of what personal information we have in our possession or control about them, what it is being used for, and to whom and why it has been disclosed. Clients have the right to review and obtain a copy of their personal information on record in our individual offices by contacting their account executive. Principle 10 Individuals may challenge our compliance with this Privacy Policy. ABACA will respond to individual complaints and questions relating to privacy. We will investigate and attempt to resolve all complaints and we will report our findings to the individual in most instances within thirty days. Type II SSAE 16 SOC 1 Certification - is issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) to organizations that typically provide services to other organizations that involve transaction processing and the securing of data used to perform these services. An auditor's report details the ability for a service provider's ability to offer adequate controls and safeguards when they host or process data belonging to their customers. International ISAE 3402 Certification - is issued under International Standards for Assurance Engagements (ISAE) 3402. An auditor's report provides assurance that the service business is maintaining effective and efficient internal controls related to financial, information, or security reporting. This examination and report is similar to and issued in conjunction with an SSAE 16 SOC 1 report. To provide complete privacy and confidentiality of our client files, we implement a multi-level security system utilizing encrypted passwords, 128-bit and 256-bit SSL encryption and user-security certification protocols across ABACA's network. Upon the completion of work assignments and compliant with ABACA Terms and Conditions, all data is fully purged from the system.

Security Infrastructure

In delivering its professional services, relevant data is temporarily placed on a dedicated ABACA server systems environment in Canada. Our SaaS as well as business-critical applications also reside within this network infrastructure. Operating within a highly controlled systems environment, ABACAs offshore production facility and personnel deploy thin-client systems where only users and groups authenticated by their domain credentials are able to access designated applications and data files. At all times all data and information remains in Canada. All communications are provisioned through a full-featured Canadian systems management console. We have a complete paperless environment, and there is no access to printers, or removable media devices. ABACAs cloud-systems service provider implements complete redundancy procedures at the data-center level and have the following certifications: CICA 5970 is a Canadian standard administered by the Canadian Institute of Chartered Accountants. Designation under this program encompasses specific requirements for service providers managing customer data and focuses heavily in the areas of compliance, security and access. In addition, this certification addresses the topics of backup and recovery, computer operations and facility infrastructure.

Authentication and Security

As an ABACA customer, you are provided with secure system login credentials. We monitor the access and management of such passwords to ensure proper authentication and authorization to the ABACA WorkFlow system and back-end server resources for the uploading and downloading of work files. This can include password rules such as complex passwords with alpha and numeric characters or rules that require users to change passwords at predefined intervals. Within ABACA, accountants assigned to client work are authorized according to responsibility or line of business (corporate tax, personal tax, bookkeeping). We also offer support for single sign-on across multiple applications, the use of reverse proxy to provide additional security and encryption capabilities, and more.

Our Commitment

We respect and protect the privacy and confidentiality of personal and business information that is entrusted to us in the course of rendering services to our clients. Our accountants are governed by rules of professional conduct that have always and will continue to guarantee the privacy and confidentiality of your personal information.

About ABACA Solutions Since 2006, ABACA Solutions has been helping a spectrum of small, mid-sized and large Canadian accounting firms apply greater levels of efficiency into their practices, generate higher rates of productivity and yield higher returns from their existing human resource assets. ABACA delivers specialized professional services that focus on optimizing key segments of the production process for Canadian corporate and personal tax. T: 877.782.8933 E: info@abacaSolutions.com
Vancouver I Calgary I Toronto