What security certifications does your offshore facility have?

Our Cebu IT Park facility operates under ISO 27001 certification with SOC 2 Type II compliant data centers. Physical security includes 24/7 CCTV monitoring, biometric fingerprint access, mantrap entry systems, and locked USB ports on all workstations. Network security features zero-trust architecture with AES-256 encryption on all data in transit.

How do you handle IRS Section 7216 for offshore tax preparation?

We provide pre-built IRS Section 7216 consent templates for every engagement. These templates are reviewed by US tax counsel and cover the disclosure of tax return information to our Philippine-based professionals. Your clients sign the consent form, and we maintain an auditable chain of custody for all taxpayer data.

What is an IRS-WISP and do you comply?

A Written Information Security Plan (WISP) is mandated by the IRS for all tax professionals under Publication 4557. Vance & Cole maintains a comprehensive WISP that covers our entire operation — from employee background checks and NDA enforcement to encrypted VPN tunnels and endpoint detection on every workstation. We can provide our WISP documentation for your firm's compliance records.

Enterprise Security & Compliance

Layer 1

Legal Foundation

Most agencies force you into foreign contracts. Vance & Cole operates entirely under domestic corporate law.

US LLC Entity Contracts
IRS §7216 Consent Framework
Comprehensive BAA for Healthcare
Strict NDAs enforceable in USA

Layer 2

Digital Fortress

IRS Pub 4557 strictly mandates a Written Information Security Plan (WISP) for CPA firms.

Full IRS-WISP Compliant Setup
Hardware MDM & BitLocker active
USB Ports Disabled / No Local Drives
Cloud App Firewalls (CASB)

Layer 3 — Physical Infrastructure

Zero-Trust Operations Facility

A laptop on a kitchen table is a massive compliance liability. Every keystroke happens inside our locked-down, monitored, enterprise-grade hub.

Biometric Access

Fingerprint scanners at every entry point. No keycard-only access.

Clean Desk Policy

Zero personal devices. No cellphones on the operations floor.

24/7 CCTV

Continuous video surveillance with 90-day retention archives.

99.99% Uptime

Redundant fiber ISPs and enterprise UPS battery backup systems.

Compliance Document Center

We don't just promise compliance; we provide the exact legal frameworks your firm needs to scale operations securely and legally.

PUB 4557

IRS Written Information Security Plan

// Vance & Cole IT DEPLOYMENT PROTOCOL

[ ] Device Drive Encryption Active VERIFIED

[ ] Multi-Factor Auth Enforced (Hardware) VERIFIED

[ ] Network Firewall Intrusions Logged VERIFIED

[ ] Annual Security Awareness Training Logged VERIFIED

[ ] Disaster Recovery Plan In Place VERIFIED

The full 14-page WISP document is available upon signing your engagement letter.

LEGAL TEMPLATE

IRC §7216 Disclosure & Consent

Snippet Preview

"Federal law requires this consent form be provided to you. Unless authorized by law, we cannot disclose your tax return information to third parties...

By signing below, you authorize [FIRM NAME] to disclose your tax return information to our dedicated operational subsidiary, Velmer Digital LLC, and its personnel located in the Philippines, strictly for the purpose of tax preparation assistance..."

Action required: Embed in annual engagement letter. DocuSign Ready

HIPAA

Business Associate Agreement (BAA)

For our Medical Billing & RCM clients, protecting PHI (Protected Health Information) is paramount under the HIPAA Security Rule.

Velmer Digital LLC signs as your Business Associate (BA).
Strict liability limits established under US Jurisdiction.
Immediate breach notification protocols codified (within 24 hours).
Guarantee of destruction/return of PHI upon termination.

Request Executive Summary →

Corporate Entity

IRS

WISP Compliant Setup

Independent Freelancers

Executive Leadership

Institutional Standards.
Absolute Operational Control.

Every engagement is bound by rigorous methodology, orchestrated directly from our secured Cebu facility under constant executive oversight.

Dean Bouhof

Managing Partner, APAC Operations

Dean commands the execution layer. Operating permanently from the APAC hub, he architects the zero-trust security infrastructure and drives ruthless performance management across all talent tiers. He ensures every offshore deployment mirrors US CPA firm standards from Day 1.

Facility Ops Process Architecture Compliance

Compliance & Certification Standards

Our infrastructure and processes are aligned with the following regulatory frameworks.

IRS-WISP

Pub 4557 Compliant

IRC §7216

Consent Framework

HIPAA BAA

Healthcare Ready

SOC 2 Aligned

Trust Service Criteria

Security Control	Vance & Cole (Premium KPO)	Standard Offshore BPO
IRS Section 7216 Compliance	Strict adherence; provides audit-ready client consent frameworks	Rarely implemented; relies on generic NDAs
Written Information Security Plan (WISP)	Fully integrated with US CPA firm's IRS Pub 4557 mandates	Ad hoc policies; lacks designated Data Security Coordinator
Encryption Standards	AES-256 encryption at rest, TLS 1.2+ in transit	Basic or unverified transit encryption
Identity & Access Management	Mandatory hardcoded MFA, Role-Based Access Control (RBAC)	Password-only access or optional MFA
Physical Data Security	SOC 2 Type II certified clean-desk facility; biometric access, locked USB ports, 24/7 CCTV	Remote work environments with high unauthorized data exposure
Staff Qualifications	Board-certified Philippine CPAs with US-GAAP training and 4.5% acceptance rate	Entry-level clerks with minimal formal accounting education

Institutional Grade.
Zero Compromise.

Legal Foundation

Digital Fortress

Zero-Trust Operations Facility

Compliance Document Center

IRS-WISP Checklist

IRC Section 7216 Template

Master BAA / NDA

IRS Written Information Security Plan

IRC §7216 Disclosure & Consent

Business Associate Agreement (BAA)

Institutional Standards.
Absolute Operational Control.

Dean Bouhof

Compliance & Certification Standards

Stop questioning your security posture.

Legal Foundation

Digital Fortress

Zero-Trust Operations Facility

Compliance Document Center

IRS-WISP Checklist

IRC Section 7216 Template

Master BAA / NDA

IRS Written Information Security Plan

IRC §7216 Disclosure & Consent

Business Associate Agreement (BAA)

Institutional Standards.Absolute Operational Control.

Dean Bouhof

Compliance & Certification Standards

Stop questioning your security posture.

Institutional Standards.
Absolute Operational Control.