Written Information Security Plan (WISP)

1. Scope and Purpose

This plan governs the data protection practices of Qially LLC to protect taxpayer information against unauthorized access, destruction, or disclosure.

2. Technical Safeguards

• Encryption: All client data in the QiVault and Client Portal is encrypted using AES-256 standards.
• MFA: Multi-factor authentication is required for all administrative and client access points.
• Access Control: Access to sensitive tax files is restricted via the principle of Least Privilege.

3. Physical & Administrative Safeguards

As a virtual firm, Qially LLC mandates full-disk encryption on all hardware and utilizes secure, NIST-compliant cloud service providers.