Information Security & Data Protection Policy

Effective Date: June 25, 2026

Information Security & Data Protection Policy

MPK Advisors & CPAs (“MPK Advisors,” “we,” “our,” or “us”) is committed to protecting the confidentiality, integrity, and availability of the information entrusted to us by our clients, employees, business partners, and website visitors.

As a Certified Public Accounting firm, we recognize the importance of safeguarding sensitive financial, tax, business, and personal information. This Information Security & Data Protection Policy outlines the measures we take to protect information and maintain the trust of our clients.

Our Commitment to Information Security

Protecting client information is a fundamental part of our professional responsibility. We maintain administrative, technical, and physical safeguards designed to reduce the risk of unauthorized access, disclosure, misuse, alteration, or loss of information.

Our security practices are regularly reviewed and updated to address evolving threats, regulatory requirements, and industry best practices.

Information We Protect

The information we protect may include:

  • Personal identifying information
  • Financial records
  • Tax returns and supporting documentation
  • Payroll information
  • Business financial statements
  • Audit and assurance records
  • Banking information
  • Client communications
  • Employee information
  • Proprietary business information

Administrative Safeguards

MPK Advisors & CPAs maintains policies and procedures designed to support secure handling of information, including:

  • Access controls based on job responsibilities
  • Employee confidentiality requirements
  • Security awareness and training programs
  • Vendor and service provider evaluations
  • Incident response procedures
  • Data retention and disposal practices
  • Ongoing review of security controls

Access to sensitive information is limited to authorized personnel who require such access to perform their duties.

Technical Safeguards

We implement reasonable technical security measures designed to protect information from unauthorized access or disclosure. These measures may include:

  • Secure networks and firewalls
  • Encryption technologies where appropriate
  • Multi-factor authentication for supported systems
  • Password protection requirements
  • Endpoint security and malware protection
  • Security monitoring and threat detection
  • Secure data transmission protocols
  • System updates and security patch management

While no security system can guarantee absolute protection, we strive to implement security measures consistent with industry standards and professional obligations.

Physical Safeguards

We maintain physical protections designed to secure information and business operations, including:

  • Controlled access to office facilities
  • Secure storage of sensitive documents
  • Protection of computer systems and devices
  • Secure disposal and destruction of records when no longer needed

Secure Client Communications

We encourage clients to use approved secure methods when transmitting sensitive financial, tax, or personal information.

For document sharing and collaboration, we may provide access to secure client portal technology and other protected communication tools.

Clients should avoid sending highly sensitive information through unsecured email whenever possible.

Client Portal Security

MPK Advisors & CPAs utilizes secure client portal technology to facilitate the exchange of documents and information.

Portal users are responsible for:

  • Maintaining the confidentiality of login credentials
  • Using strong, unique passwords
  • Promptly notifying us of suspected unauthorized account activity
  • Logging out after each session when using shared devices

We reserve the right to suspend or restrict portal access if suspicious activity is detected.

Third-Party Service Providers

We may engage trusted third-party vendors and technology providers to support our operations and client services.

When appropriate, we evaluate vendors based on security practices and contractual obligations related to the protection of confidential information.

While we seek to work with reputable providers, each third-party service maintains its own security controls and policies.

Data Retention and Disposal

We retain information only as long as necessary to:

  • Provide professional services
  • Fulfill contractual obligations
  • Comply with legal, regulatory, and professional requirements
  • Resolve disputes and enforce agreements

When information is no longer required, it is securely deleted, destroyed, or otherwise disposed of in accordance with applicable retention policies.

Incident Response

If a security incident is identified, MPK Advisors & CPAs follows established response procedures designed to:

  1. Contain and investigate the incident.
  2. Assess potential impact and risk.
  3. Implement corrective actions.
  4. Restore affected systems and operations.
  5. Provide required notifications when applicable under law.

Our objective is to respond promptly and appropriately to minimize disruption and protect affected information.

Employee Responsibilities

All employees are expected to support the firm’s information security efforts by:

  • Following security policies and procedures
  • Protecting confidential information
  • Reporting suspicious activity or potential security incidents
  • Maintaining secure access credentials
  • Participating in security awareness training

Client Responsibilities

Information security is a shared responsibility. Clients can help protect their information by:

  • Using strong passwords
  • Enabling multi-factor authentication when available
  • Protecting login credentials
  • Using secure internet connections
  • Promptly reporting suspicious communications
  • Verifying unusual requests for financial or personal information

Clients should exercise caution regarding phishing emails, fraudulent payment requests, and impersonation attempts.

Business Continuity and Recovery

MPK Advisors & CPAs maintains procedures designed to support business continuity and recovery in the event of disruptions, technology failures, cybersecurity incidents, or other unforeseen events.

These measures are intended to help maintain operational resilience and protect client information.

Limitation of Guarantee

While MPK Advisors & CPAs takes reasonable measures to safeguard information, no technology, network, transmission method, or storage system can be guaranteed to be completely secure.

Accordingly, we cannot guarantee absolute protection against all potential security threats, unauthorized access attempts, or cybersecurity incidents.

Updates to This Policy

We may revise this Information Security & Data Protection Policy from time to time to reflect changes in technology, regulatory requirements, industry standards, or business practices.

Any updates will be posted on this page with a revised effective date.

Contact Information

If you have questions regarding our information security practices or data protection measures, please contact:

MPK Advisors & CPAs
41197 Golden Gate Circle, Suite 208
Murrieta, CA 92562

Phone: (951) 763-7970
Email: info@mpkadvisors.com

By engaging our services or using our website, client portal, or related systems, you acknowledge and understand the information security practices described in this policy.

Information Security