WISP

Cell: 973-224-5917   Fax: 973-585-4802

Written Information Security Plan 

Controllership Solutions LLC dba Quicken Coach & Sundial Virtual Family Office

Security and privacy are of the utmost importance to Stephen M. Smith CPA and Controllership Solutions LLC (CS) d/b/a Sundial Virtual Family Office (VFO). CS has carried since 2010 an accountant’s professional liability insurance policy of $2 million ($1m/claim), which carries a Network Risk and Privacy Claim endorsement.

For instructional and consulting engagements, no private information is retained.  All work is performed on client systems. 

For Virtual Family Office, Bookkeeping and Controller for Hire services, client data is safeguarded via third-party service providers, password-protected software applications, anti-virus software and WEP encryption.  All former data will be destroyed no later than 1 year after services have been discontinued. Old machines are destroyed before recycling.

We have implemented safety measures and industry best practices to minimize the risk of unauthorized access to client information.

While we have taken significant measures to safeguard client information, including staff background checks, secure remote environments, password management systems, and limited credential sharing, certain areas inherently involve the access and retention of sensitive data. Each of these areas, along with the corresponding vulnerabilities and controls in place, is outlined below.

 

STAFF: 

Staff access data exclusively through secure, hosted remote desktops and Microsoft 365 environments. Access to client-specific websites is managed through LastPass, a secure password management system. Staff are not provided with direct access to client bank account credentials unless explicitly required for their role. Two-factor authentication credentials and responses to security challenge questions are not shared with staff and remain solely with the Director (Stephen). Wherever feasible, read-only access is used to further reduce risk.

As a condition of employment, all staff have signed Privacy Policy and Client Confidentiality Agreements. Additionally, a background check has been completed for each employee (see details below). 

Stephen M Smith CPA (Owner)

The principal has been a licensed CPA since July 25, 2002; as such, Stephen M Smith is held to professional and ethical standards. Current CPA certification status (Lic: 087561) can be verified here: Online Registration Renewal | Office of the Professions.  All discussions and data are kept confidential.

   

Jon Conklin

Controllership Solutions LLC contracts on a W-2 employee basis with Jon Conklin.  Jon has been employed since Feb 2018 and is tasked with bookkeeping and transaction coding.  Jon lives in Lake Hopatcong, NJ. In addition to working for Controllership Solutions LLC, he is a professional full-time firefighter for Maplewood, NJ.

Nadeem Naseer

Controllership Solutions LLC engaged Mr. Nadeem Naseer as a full-time contractor in April 2025. Mr. Naseer was approached by Stephen through a targeted LinkedIn search for Quicken experts and then retained after several discussions and a thorough background check including criminal records, reference checks and credit report (see below).

Mr. Naseer brings a diverse and valuable skill set to the organization. His responsibilities at Controllership Solutions LLC include bookkeeping, technology support, Google Ad Search Engine Optimization, and serving as an expert in both Quicken and QuickBooks. 

Mr. Naseer resides in Kashmir, India, and in addition to his role with Controllership Solutions LLC, owns a 25-acre apple orchard and is a saffron farmer and beekeeper.  Nadeem has a BBA (Bachelor of Business Administration) from IITM-Delhi and a DCA (Diploma in Computer Applications) from ITDB.

HOSTED DATA: 

Quicken & QuickBooks application files are hosted on two different platforms depending on client access requirements.  Primary hosting is via Microsoft Azure Virtual Hosting Servers.  Access is obtained via OpenVPN Connect and further authenticated via DUO two-factor authentication.

For clients requiring access, a Microsoft Remote Desktop Protocol (.RDP) client tool is used to allow remote users to see and access a dedicated server running Windows.   Both .RDP access and the server are supported by Ace Cloud Hosting, a Real Time Data Services LLC service, which is powered by Switch.com infrastructure. Switch maintains large data centers throughout the US at secure locations.  Switch maintains strict security and redundancy and is SOC I compliant.

SOFTWARE PROTECTIONS: 

The software programs themselves (primarily Quicken & QuickBooks) are also password protected and subject to Quicken Inc. and Intuit’s (INTU) privacy and security policies:  

Quicken Inc:  https://www.quicken.com/privacy 

Intuit: http://security.intuit.com/learn-more.html 

LAST PASS  

https://www.lastpass.com/ 

LastPass is used to store and share all client passwords, challenge questions and credentials.  Clients are encouraged to establish an account and share these with CS.  Passwords are only accessible by the principal, Stephen M Smith.  Clients retain two-factor authentication (2FA), which in practice requires coordination when accessing accounts.

 

COMPUTER 

Most current data is maintained virtually; however, backups and Microsoft Office documents are kept in Office 365, accessible by staff and hosted on firm computers.

  • These machines run Windows 11, are protected by strong passwords, and are updated routinely.

  • Machines run Microsoft Defender, which includes a firewall, anti-virus software and anti-spyware.

  • IT and security issues are professionally monitored and managed by IT firm: www.Alpinebiz.com 

  • The home-office network is WEP secured. The Internet Service Provider (ISP) is Verizon Giga FIOS (1000mbs) 

APPS 

  • Virtual meetings are held via: Zoom or Microsoft Teams. 

  • Internal communication is conducted via www.Slack.com.  Clients are encouraged to join these platforms.

  • Email hosting and contact management services are powered by Microsoft’s Office 365, governed by the Microsoft Service Agreement, which details their service, support and security.

PAPER: 

Controllership Solutions LLC operates in a nearly paperless environment. Most originals are scanned.  On occasion, statements or reports are printed for client review.  All documents are shredded when disposed of.

BREACH NOTIFICATION: 

In the unfortunate event a security breach is discovered, all clients will be notified immediately.  CS will follow the AICPA Incident Response Plan as required.   If the attack involved passwords, it is recommended that the client immediately change passwords.

 
