INTRODUCTION
This document has been prepared by the Archetype Chief Information Security Officer and is designed to convey information regarding the information security posture of Archetype. The information contained within this document has been designed to demonstrate the organization's commitment to information security and compliance objectives. This document shall serve as security and compliance assurance for business contacts.
ERTC ADVERTISEMENT DISCLAIMER
Consult a Professional: The Employee Retention Tax Credit (ERTC) advertisement provides general information about the program. It is not intended to constitute legal, financial, or tax advice. Please consult with a qualified tax advisor or legal professional to understand how the ERTC applies to your specific circumstances.
Individual Circumstances: The ERTC eligibility criteria, limitations, and rules may vary based on factors such as the size of your business, industry, financial situation, and applicable laws. The information presented in this advertisement may not be applicable to all businesses or situations.
Accuracy of Information: While we strive to provide accurate and up-to-date information, laws, regulations, and guidance related to the ERTC may change over time. Please verify the information independently and consult with a professional to ensure you have the most current details.
Limitations of Liability: The creators of this advertisement do not assume any responsibility or liability for errors, omissions, or inaccuracies in the information provided or for any actions taken based on the content of this advertisement. Individuals showcased in advertisement are in no way a reflection of Archetype Consulting Group's clientele. We are an equal opportunity firm that caters to all individuals of all backgrounds.
Legal Compliance: It is your responsibility to comply with all applicable laws, regulations, and requirements related to the ERTC. This advertisement does not guarantee any specific outcome or results, and the ultimate responsibility for compliance rests with the business owner or taxpayer.
Remember, the ERTC can provide significant benefits for eligible businesses, but it's crucial to understand its intricacies and consult with professionals who can guide you through the process.
INFORMATION SECURITY PROGRAM
Archetype leverages a set of information security frameworks and standards to include the Center for Internet Security’s Critical Security Controls. In addition to this framework, Archetype also follows various provisions under national and international privacy regulations, such as the GDPR and CCPA. This combination of security frameworks creates the overarching governance program for Archetype. Archetype has an information security department led by the Chief Information Security Officer and includes executive support and oversight. The information security responsibilities span various departments within Archetype, including HR, development, leadership, engineering, IT, and business operations. Recurring training occurs for employees, and continuous vulnerability assessment services are leveraged and performed. In addition to this, Archetype undergoes regular security testing.
Critical Archetype services leverage software as a service model that hold valid SOC II reports, in addition to holding various other certifications for ISO, NIST, and more. Protocols are followed internally to ensure that only properly vetted Archetype members are granted access to production systems. Recurring threat assessments are also performed to ensure that Archetype meets both compliance and tactical security objectives throughout the year. Archetype also leverages managed detection and response for critical endpoints within the organization.
DESKTOP AND MOBILE SECURITY
All devices issued to Archetype Capital employees are configured to our standards for security. These standards require key systems to be properly configured, tracked, and monitored by Archetypes security team. Workstations run up-to-date monitoring software to report potential malware, unauthorized software, and other insights.
ACCESSIBILITY & AUTHENTICATION
Archetype adheres to the principles of least privilege and role-based permissions when providing access to minimize the risk of data exposure. Staff are authorized to access only the data they reasonably must handle to carry out their roles. All production access is reviewed regularly.
To further reduce the risk of unauthorized access to data, Archetype employs multi-factor authentication for key data and cloud systems. Where possible and appropriate, Archetype uses private keys for authentication, in addition to the previously mentioned multi-factor authentication.
DISASTER RECOVERY
Archetype has implemented highly redundant configurations of cloud technologies to ensure that data processing and business activities can be continued when in a disaster situation. This helps to ensure client expectations are met in the event of a disaster.
SECURITY ASSESSMENTS & TESTING
Archetype is continuously monitoring, assessing, and improving our security controls. These activities are regularly performed by our internal security team. Results are shared with senior management, and all findings are tracked to resolution in a timely manner.
SECURITY
Archetype conducts regular testing to validate security controls and social engineering as part of our security assessment practices. This testing allows us to identify vulnerabilities and security gaps in our organization, test our incident response and assess our risks through ethical hacking and cyberattack simulation.
For more information, please contact us by emailing us at security@archetypecg.com
Archetype has fully vetted and formal policies for incident response, disaster recovery, business continuity, change and configuration management, risk management, employee onboarding and offboarding, software development lifecycle management, data retention and classification, social media security, acceptable use agreements, non-disclosure contracts, data privacy and handling, and other various critical documents to support the organizational compliance and security initiatives.