
SOC2 Type 2 Certifications

Rigorous Independent Auditing
Plante Moran, one of the nation’s largest and most trusted accounting firms, conducts our SOC2 reporting. This process objectively examines, in detail, the security, processing integrity, and confidentiality controls employed by Tab Service Company.
Our audit results consistently indicate that our underlying controls are functioning correctly with no exceptions. We received a clean opinion testifying to our adherence to the principles of security, processing integrity, and confidentiality.
- SOC2 Compliance (AICPA): Adheres to the AICPA Trust Services Criteria
- Security: Protects systems and data from unauthorized access
- Processing Integrity: Ensures complete, accurate, timely, and authorized processing
- Confidentiality: Safeguards confidential information as committed or agreed
What is SOC2 Compliance?
The purpose of performing a SOC2 audit is to provide assurances that service providers have effective, operating safeguards in place to protect customer data.
The SOC2 report presents the results of an evaluation of various aspects of our security and privacy policies and methods. Tab Service requests SOC2 audits be performed annually by a qualified third party to demonstrate that our safeguards and controls are strong enough to keep clients’ data secure.
SOC2 Reports
Detailed examination available to current and prospective clients after signing a mutual NDA
Having passed our audit, Tab Service has been deemed SOC2 compliant, meaning we meet the Trust Services Criteria for managing our clients’ valuable data.
Protecting Data Through Proven Compliance
Compliance Standards We Meet
Industry-Specific Compliance
- FERPA Compliant
- HIPAA Compliant
- SOC 2 Type II Certified
- GLBA Compliant
- ADA Compliant
- GDPR Compliant
- CCPA Compliant
- IRS-Authorized E-File Provider
- State Privacy Regulations
Operational Compliance
- Annual independent audits and certifications
- Regular security assessments and penetration testing
- Continuous staff training and awareness programs
- Background checks for all staff
- Document retention and secure disposal policies
- Complete audit trail maintenance and reporting
- Incident response and breach notification procedures
- Business continuity and disaster recovery protocols
- 256-bit encryption for all data transmission and storage
Advanced Security Measures
Regular Penetration Testing
Tab Service Company contracts with HALOCK, a premier information security consultancy, to conduct rigorous testing on a regular basis. The purposes are to:
1. Find vulnerabilities in our computer systems that might permit access to malicious actors
2. Determine the effectiveness of existing security controls
3. Ensure continuous improvement of our security posture
After testing is completed, we receive a comprehensive HALOCK Penetration Test Report that summarizes findings, documents every vulnerability, and recommends countermeasures to prevent attacks and ensure compliance requirements are met. Tab Service Company takes these findings seriously, utilizing recommendations as we continually update and strengthen our security controls.
Our comprehensive security approach includes:
- Encrypted data transmission and storage
- Secure client portals with multi-factor authentication
- Role-based access controls and user permission management
- Regular security training for all staff members
- Continuous monitoring and threat detection
- Incident response and recovery procedures
Client Data Protection Commitments
What We Protect
- Personal and financial information
- Tax identification numbers and sensitive data
- Payment records and transaction details
- Educational records and student information
- Healthcare and benefits data
- Proprietary business information
- Intellectual property
How We Protect It
- SOC2-audited processes and controls
- Encrypted transmission and storage
- Restricted access on a need-to-know basis
- Regular security monitoring and auditing
- Secure disposal of data when no longer needed
- Incident response procedures and breach notification protocols
Why Our Security Matters to Your Business
Risk Mitigation
Choosing a provider shouldn’t be a leap of faith. You need confidence your partner can be trusted with sensitive data and critical processes.
Proven Controls
We are trusted by clients in healthcare, finance, and education, with SOC 2 reporting and penetration testing that verify your data is protected.
Continuous Improvement
Security is not a destination; it’s an ongoing journey. We continuously evaluate and enhance our security measures.
Getting Your Security Questions Answered
Transparency and Documentation
We believe in complete transparency about our security measures. Our current SOC2 report is available to current and prospective clients after signing a mutual Non-Disclosure Agreement.
Ongoing Communication
Our security team is available to discuss your specific compliance requirements and explain how our controls meet your industry’s regulatory standards.