Common questions about WISP's

A WISP is a Written Information Security Plan.

The IRS and the Security Summit partners remind you to protect yourselves and your clients' sensitive information by putting in place a Written Information Security Plan (WISP).

A WISP helps you identify actions to take in the event of a security incident, data loss or theft. You're the first line of defense in protecting taxpayer information. Regardless of the size of your practice, you should take steps to protect your systems and comply with federal standards.

The sample Written Information Security Plan (WISP)PDF provides a starting point for businesses. It can be scaled for a company's size, scope of activities, complexity and customer data sensitivity.

For more information on WISP, see IRS Publication 5709, How to Create a Written Information Security Plan for Data Safety

PII Disclosure Policy:

Per Publication 5708, page 9, PII Disclosure Policy, Item D:

Any third-party service provider that does require access to information must be compliant with the standards contained in this WISP at a minimum. The exceptions are tax software vendors and e-Filing transmitters; and the state and federal tax authorities, which are already compliant with laws that are stricter than this WISP requires. These additional requirements are outlined in IRS Publication 1345.

Related information for the Intuit Accountants Tax Pro Center:

• How to create a WISP for your practice.
• Elements in your WISP.