"To combat external risks from outside the firm network to the security, confidentiality, and/or integrity of electronic, paper, or other records containing PII, and improving - where necessary - the effectiveness of the current safeguards for limiting such risks, the Firm has implemented the following policies and procedures."

That sounds pretty impressive ......... and wordy.  Can I just type that up and call it my security plan?😁  Besides, don't they have enough tax cheats to catch instead of spending their time seeing what kind of BS tax preparers can type up to try and make them happy?