Intuit ToS: What accountants need to know
Intuit's Terms of Service place the responsibility for data protection squarely on the account owner. We break down the clauses every accountant and bookkeeper needs to read — and what to do about them.
6 resources
Intuit's Terms of Service place the responsibility for data protection squarely on the account owner. We break down the clauses every accountant and bookkeeper needs to read — and what to do about them.
A 12-point checklist covering the backup, encryption, access control, and incident response requirements of the FTC Safeguards Rule (GLBA). Written specifically for bookkeeping and tax preparation firms.
QuickBooks Online's built-in backup creates a read-only export snapshot — it does not include all entity types, does not include attachments, and cannot be used to restore directly into QBO. Here's exactly what's missing and why it matters.
Most underwriters now require proof of a 3-2-1 backup strategy before binding a cyber policy. This guide walks through what documentation you'll need, what counts as an "independent" backup, and how WOW helps you qualify.
Xero operates a shared-responsibility model: Xero maintains platform uptime; you own your data. This means data deleted by a user, corrupted by a third-party app, or lost in a ransomware attack is your problem to fix — not Xero's.
A Written Information Security Plan (WISP) is required for every U.S. tax preparer under the FTC Safeguards Rule. This template-driven guide walks you through each required section, including your backup and recovery procedures.
Looking for in-depth articles and guides?
Visit the Articles pageEvery guide is written by practitioners who've been in the room when things go wrong.
FTC Safeguards, GLBA, GDPR, state privacy laws, and what they mean for your backup obligations.
What underwriters actually look for — 3-2-1 backups, tested recovery, documented procedures.
How immutable, WORM-protected backups protect your firm when everything else fails.
Xero and Intuit ToS decoded — who actually owns your data and who's responsible for it.
Playbooks for data loss events: what to do in the first hour, first day, and first week.
Written information security plans, data inventories, and access controls for small practices.