Practice Management

Completing your WISP for PTIN renewal

Written by Jonathan Young
Modified Nov 13, 2024
2 min read

A Written Information Security Plan (WISP) is required for all PTIN or tax preparers, regardless of how many clients you may have, in conjunction with the FTC Safeguards rule. A well-maintained WISP is not only a requirement under federal law, but an invaluable tool for identifying and mitigating potential security risks in your practice. In this article, we’ll guide you through the essentials of updating your WISP to ensure it aligns with PTIN renewal requirements and the latest security best practices.

What should be included in the WISP?

When writing your WISP, consider your company’s size, complexity, and scope. A large firm will have a longer, more robust plan than a smaller firm—so there isn’t a one-size-fits-all approach. However, there are three key areas each WISP should include:

Employee management and training
Information systems and technology
Detecting and managing system failures

Ensure your WISP covers, and includes, the following elements:

Objectives, purpose, and scope of your WISP.
Designate who is responsible for creating, coordinating, and implementing your program, as well as list your authorized staff, their responsibilities, and what data they can access.
Assess current risks and detail the types of information your firm handles, if you have any areas of potential data loss, and how you monitor and test these risks.
List the hardware you use for work and where each piece is located (on the cloud, in your primary office, at a staff member’s home, or other places.
Detail your Employee Code of Conduct and your document safety policies, including those for:
- Data collection, retention, and disclosure.
- User access on-site and remotely.
- Network protection, Wi-Fi access, and connected devices.
- Electronic data exchange.
- Reportable incidents.
Include a signed implementation clause that states when you executed the WISP.

Download a free checklist

With information such as your clients’ names, Social Security numbers, financial data, and addresses, thieves can steal their identities, file fraudulent tax returns, apply for loans, and more. Use this checklist to confirm your WISP complies with federal requirements and includes recommended details.

Get WISP and compliance templates FREE with your SmartVault subscription

Sign up to SmartVault’s Unlimited plan, and get access to WISP and compliance templates written by our chief information security officer, as well as unlimited eSignatures, KBAs, storage and more! Sign up for a demo today.

Jonathan Young is vice president of marketing at SmartVault, and has 15+ years of experience growing businesses through detailed and robust go-to-market strategies. Since joining SmartVault, Jonathan has submerged himself in the accounting industry, learning about current technology trends, analyzing the accounting landscape and understanding compliance regulations to ensure firms are safeguarding their customer information and scaling for growth through process efficiencies. Jonathan prides himself on leading high-performing teams and leveraging data-driven strategies, and driving engagement and revenue growth, while fostering a collaborative and innovative work culture. More from Jonathan Young