Tax Information Security Guidelines For Federal, State and ...

Publication 1075

Tax Information Security Guidelines For Federal, State and Local Agencies

Safeguards for Protecting Federal Tax Returns and Return Information

IRS Mission Statement

Provide America's taxpayers top-quality service by helping them understand and meet their tax responsibilities and enforce the law with integrity and fairness to all.

Office of Safeguards Mission Statement

The Mission of Safeguards is to promote taxpayer confidence in the integrity of the tax system by ensuring the confidentiality of IRS information provided to federal, state, and local agencies. Safeguards verifies compliance with Internal Revenue Code (IRC) § 6103(p)(4) safeguard requirements through the identification and mitigation of any risk of loss, breach or misuse of Federal Tax Information (FTI) held by external government agencies.

Office of Safeguards Vision Statement

To serve as a trusted advisor to our Partners, ensuring they have full understanding and insight into FTI requirements and their risk profile, obtain consistent and timely guidance from a "single voice" and receive service and support that is aligned to their risk profile. We will drive the customer experience and FTI compliance via a collaborative and empowered culture and a cross-trained workforce that is built around a risk-based operating model that integrates infrastructure and processes to enable efficient and effective operations.

Contents

IRS Mission Statement

Office of Safeguards Mission Statement

Office of Safeguards Vision Statement

Highlights for November 2021 Revision

Security and Privacy Control Table

INTRODUCTION

General

Overview of Publication 1075

SAFEGUARD RESOURCES

Safeguards Website

Safeguards Mailbox

KEY DEFINITIONS

Federal Tax Information

Return and Return Information

Personally Identifiable Information (PII)

Information Received from Taxpayers or Third Parties

Access

Cloud Computing

Inadvertent Access

Inadvertent Disclosure

Incidental Access

Unauthorized Access

Unauthorized Disclosure

Need-to-Know

Adverse Action

Disciplinary Action

Personnel Sanction

1.0 FEDERAL TAX INFORMATION, REVIEWS and OTHER REQUIREMENTS

1.1 General

1.2 Authorized Use of FTI

1.3 Secure Data Transfer

1.4 State Tax Agency Limitations

1.5 Coordinating Safeguards within an Agency

1.6 Safeguard Reviews

1.6.1 Before the Review

1.6.2 During the Review

1.6.3 After the Review

1.7 Termination of FTI

1.7.1 Agency Request

1.7.1.1 Termination Documentation

1.7.1.2 Archiving FTI Procedure

1.7.2 FTI Suspension, Termination and Administrative Review

1.8 Reporting Improper Inspections or Disclosures

1.8.1 Terms

1.8.1.1 Data Incident

1.8.1.2 Data Breach

1.8.2 General

1.8.3 Office of Safeguards Notification Process

1.8.4 Incident Response Procedures

1.8.5 Incident Response Notification to Impacted Individuals

1.9 Disclosure to Other Persons

1.9.1 General

1.9.2 Authorized Disclosure Precautions

1.9.3 External Personnel Security

1.9.4 Disclosing FTI to Contractors or Sub-Contractors

1.9.5 Re-Disclosure Agreements

1.10 Return Information in Statistical Reports

1.10.1 General

1.10.2 Making a Request under IRC § 6103(j)

1.10.3 State Tax Agency Statistical Analysis

2.0 PHYSICAL SECURITY REQUIREMENTS

2.A Recordkeeping Requirement – IRC § 6103(p)(4)(A)

2.A.1 General

2.A.2 Logs of FTI (Electronic and Non-Electronic Receipts)

Figure 1 – Sample FTI Logs

2.A.3 Converted Media

2.A.4 Recordkeeping of Disclosures to State Auditors

2.B Secure Storage – IRC § 6103(p)(4)(B)

2.B.1 General

2.B.2 Minimum Protection Standards

Table 1 – Minimum Protection Standards

2.B.3 Restricted Area Access

2.B.3.1 Visitor Access Logs

Figure 2 – Visitor Access Log

2.B.3.2 Authorized Access List

2.B.3.3 Controlling Access to Areas Containing FTI

2.B.3.4 Control and Safeguarding Keys and Combinations

2.B.3.5 Locking Systems for Secured Areas

2.B.4 FTI in Transit

2.B.4.1 Security During Office Moves

2.B.5 Physical Security of Computers, Electronic and Removable Media

2.B.6 Media Off-Site Storage Requirements

2.B.7 Alternate Work Site

2.B.7.1 Equipment

2.B.7.2 Storing Data

2.B.7.3 Other Safeguards

2.C Restricting Access – IRC § 6103(p)(4)(C)

2.C.1 General

2.C.2 Policies and Procedures

2.C.3 Background Investigation Minimum Requirements

2.C.3.1 Background Investigation Requirement Implementation

2.C.4 Personnel Actions

2.C.4.1 Personnel Transfer

2.C.4.2 Personnel Sanctions

2.C.4.3 Personnel Termination

2.C.5 Commingling of FTI

2.C.5.1 Commingling of Electronic Media

2.C.6 Access to FTI via State Tax Files or Through Other Agencies

2.C.7 Offshore Operations

2.C.8 Controls Over Processing

2.C.8.1 Agency-owned and Operated Facility

2.C.8.2 Agency, Contractor or Sub-Contractor Shared Facilities

2.C.9 Service Level Agreements (SLA)

2.C.10 Review Availability of Contractor and Sub-Contractor Facilities

2.C.11 Restricting Access – Other Disclosures

2.C.11.1 Child Support Agencies – IRC §§ 6103(l)(6), (l)(8) and (l)(10)

2.C.11.2 Human Services Agencies – IRC § 6103(l)(7)

2.C.11.3 Deficit Reduction Agencies – IRC § 6103(l)(10)

2.C.11.4 Centers for Medicare and Medicaid Services – IRC § 6103(l)(12)(C)

2.C.11.5 Disclosures under IRC § 6103(l)(20)

2.C.11.6 Disclosures under IRC § 6103(l)(21)

2.C.11.7 Disclosures under IRC § 6103(i)
