What security certifications does your offshore facility have?

Our Cebu IT Park facility operates under ISO 27001-aligned infrastructure with enterprise-grade data infrastructure. Physical security includes 24/7 CCTV monitoring, biometric fingerprint access, mantrap entry systems, and locked USB ports on all workstations. Network security features zero-trust architecture with AES-256 encryption on all data in transit.

How do you handle IRS Section 7216 for offshore tax preparation?

We provide pre-built IRS Section 7216 consent templates for every engagement. These templates are reviewed by US tax counsel and cover the disclosure of tax return information to our Philippine-based professionals. Your clients sign the consent form, and we maintain an auditable chain of custody for all taxpayer data.

What is an IRS-WISP and do you comply?

A Written Information Security Plan (WISP) is mandated by the IRS for all tax professionals under Publication 4557. Vance & Cole maintains a comprehensive WISP that covers our entire operation - from employee background checks and NDA enforcement to encrypted VPN tunnels and endpoint detection on every workstation. We can provide our WISP documentation for your firm's compliance records.

Enterprise Security & Compliance

Layer 1

Legal Foundation

Most agencies force you into foreign contracts. Vance & Cole operates entirely under domestic corporate law.

US LLC Entity Contracts
IRS §7216 Consent Framework
Comprehensive BAA for Healthcare
Strict NDAs enforceable in USA

Layer 2

Digital Fortress

IRS Pub 4557 strictly mandates a Written Information Security Plan (WISP) for CPA firms.

Full IRS-WISP Compliant Setup
Hardware MDM & BitLocker active
USB Ports Disabled / No Local Drives
Cloud App Firewalls (CASB)

Layer 3 - Physical Infrastructure

Zero-Trust Operations Facility

A laptop on a kitchen table is a massive compliance liability. Every keystroke happens inside our locked-down, monitored, enterprise-grade hub.

Biometric Access

Fingerprint scanners at every entry point. No keycard-only access.

Clean Desk Policy

Zero personal devices. No cellphones on the operations floor.

24/7 CCTV

Continuous video surveillance with 90-day retention archives.

99.99% Uptime

Redundant fiber ISPs and enterprise UPS battery backup systems.

Compliance Document Center

We don't just promise compliance; we provide the exact legal frameworks your firm needs to scale operations securely and legally.

PUB 4557

IRS Written Information Security Plan

// Vance & Cole IT DEPLOYMENT PROTOCOL

[ ] Device Drive Encryption Active VERIFIED

[ ] Multi-Factor Auth Enforced (Hardware) VERIFIED

[ ] Network Firewall Intrusions Logged VERIFIED

[ ] Annual Security Awareness Training Logged VERIFIED

[ ] Disaster Recovery Plan In Place VERIFIED

The full 14-page WISP document is available upon signing your engagement letter.

LEGAL TEMPLATE

IRC §7216 Disclosure & Consent

Snippet Preview

"Federal law requires this consent form be provided to you. Unless authorized by law, we cannot disclose your tax return information to third parties...

By signing below, you authorize [FIRM NAME] to disclose your tax return information to our dedicated operational subsidiary, Velmer Digital LLC, and its personnel located in the Philippines, strictly for the purpose of tax preparation assistance..."

Action required: Embed in annual engagement letter. DocuSign Ready

HIPAA

Business Associate Agreement (BAA)

For our Medical Billing & RCM clients, protecting PHI (Protected Health Information) is paramount under the HIPAA Security Rule.

Velmer Digital LLC signs as your Business Associate (BA).
Strict liability limits established under US Jurisdiction.
Immediate breach notification protocols codified (within 24 hours).
Guarantee of destruction/return of PHI upon termination.

Request Executive Summary →

Corporate Entity

IRS

WISP Compliant Setup

Independent Freelancers

The Vance & Cole Legend

Institutional Standards.
Architectural Precision.

Vance & Cole was inspired by the traditional pillars of Wall Street advisory - precision (Vance) and enduring partnership (Cole). We are not named after individual founders, but after the archetype of the trusted American financial institution.

Founded by tech and facility operators who saw the immense disconnect between US CPA capacity constraints and the chaotic, non-compliant offshore BPO landscape. Velmer Digital LLC (operating as Vance & Cole) was built to bridge this gap by architecting a zero-trust, WISP-aligned "factory" for elite APAC talent to thrive.

System Architect

Dean Bouhof

Managing Partner, Operations Strategy

[email protected]

Dean does not pretend to be a CPA. He is a systems architect. Operating permanently from the APAC operations hub, Dean maps the infrastructure necessary for zero-trust compliance, hardware provisioning, and physical facility security. He ensures that every talent deployment operates inside a structural "fortress" strictly identical to US enterprise standards.

Zero-Trust Topologies Facility Compliance

Elena Reyes

Director of Talent Acquisition

Elena enforces our 4.5% acceptance pipeline, vetting hundreds of APAC-based candidates purely on US GAAP knowledge, enterprise software proficiency, and technical competencies.

Sarah Lin

Head of Capacity Strategy

Sarah maps new client requirements directly against our vetted talent pool. She ensures the precise technological match is found before Day 1 deployment.

Marcus Thorne

VP of Client Success

Marcus handles the onboarding bridge, working exclusively with US Partners to enforce WISP protocols seamlessly and ensure zero productivity friction during KPO transition.

Compliance & Certification Standards

Our infrastructure and processes are aligned with the following regulatory frameworks.

IRS-WISP

Pub 4557 Compliant

IRC §7216

Consent Framework

HIPAA BAA

Healthcare Ready

SOC 2 Aligned

Trust Service Criteria

Security Control	Vance & Cole (Premium KPO)	Standard Offshore BPO
IRS Section 7216 Compliance	Strict adherence; provides audit-ready client consent frameworks	Rarely implemented; relies on generic NDAs
Written Information Security Plan (WISP)	Fully integrated with US CPA firm's IRS Pub 4557 mandates	Ad hoc policies; lacks designated Data Security Coordinator
Encryption Standards	AES-256 encryption at rest, TLS 1.2+ in transit	Basic or unverified transit encryption
Identity & Access Management	Mandatory hardcoded MFA, Role-Based Access Control (RBAC)	Password-only access or optional MFA
Physical Data Security	SOC 2 Type II certified clean-desk facility; biometric access, locked USB ports, 24/7 CCTV	Remote work environments with high unauthorized data exposure
Staff Qualifications	Board-certified Philippine CPAs with US-GAAP training and 4.5% acceptance rate	Entry-level clerks with minimal formal accounting education