Practice Management How to create a Written Information Security Plan Read the Article Open Share Drawer Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window) Written by Intuit Accountants Team Modified Jan 2, 2024 3 min read Editor’s note: Check out our newest article on Written Information Security Plans. The Security Summit partners recently unveiled a special new sample security plan designed to help tax professionals, especially those with smaller practices, protect their data and information. Federal law requires all professional tax preparers to create and implement a data security plan. The Security Summit group, a public-private partnership between the IRS, states, and the nation’s tax industry, has noticed that some tax professionals continue to struggle with developing a written security plan. In response to this need, the Summit, led by the Tax Professionals Working Group, has spent months developing the “Written Information Security Plan (WISP),” a special sample document that allows tax professionals to quickly set their focus in developing their own written security plans. “Tax professionals play a critical role in our nation’s tax system,” said Carol Campbell, director of the IRS Return Preparer Office and co-lead of the Summit Tax Professionals Group. “But for many tax professionals, it is difficult to know where to start when developing a security plan. The Summit members worked together on this guide to walk tax pros through the many considerations needed to create a Written Information Security Plan to protect their businesses and their clients, as well as comply with federal law.” There are many aspects to running a successful business in the tax preparation industry, including reviewing tax law changes, learning software updates, and managing and training staff. One often overlooked but critical component is creating a WISP. Security issues for a tax professional can be daunting. The Summit team worked to make this document as easy to use as possible, including special sections to help tax professionals get to the information they need. “We have tried to stay away from complex jargon and phrases so that the document can have meaning to a larger section of the tax professional community,” said Campbell. “It is not intended to be the final word in Written Information Security Plans, but it is intended to give tax professionals a place to start in understanding and attempting to draft a plan for their business.” A security plan should be appropriate to the company’s size, scope of activities, complexity and the sensitivity of the customer data it handles. There is no one-size-fits-all WISP. For example, a sole practitioner can use a more abbreviated and simplified plan than a 10-partner accounting firm, which is reflected in the new sample WISP. Once completed, tax professionals should keep their WISP in a format that others can easily read, such as PDF or Word. Making the WISP available to employees for training purposes is encouraged. Storing a copy offsite or in the cloud is a recommended best practice in the event of a natural disaster. Additional resources Tax professionals also can get help with security recommendations by reviewing IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology. The IRS Identity Theft Central pages for tax pros, individuals, and businesses have important details as well. Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. The IRS also recommends tax professionals create a data theft response plan, which includes contacting the IRS Stakeholder Liaisons to report a theft. Previous Post Grow your practice by serving fewer clients (not more) Next Post 3 key considerations in recordkeeping for crypto estate planning Written by Intuit Accountants Team The Intuit® Accountants team provides ProConnect™ Tax, Lacerte® Tax, ProSeries® Tax, and add-on software and services to enable workflow for its customers. Visit us at https://proconnect.intuit.com, or follow us on Twitter @IntuitAccts. More from Intuit Accountants Team 2 responses to “How to create a Written Information Security Plan” Can you provide a company that will prepare a WISP plan for my sole proprietorship? Hi Lynda – we cannot endorse companies that provide this, but our suggestion is to visit https://www.irs.gov/pub/irs-pdf/p5708.pdf – a guide that will help you create one. Thanks. Browse Related Articles Practice Management IRS Reminds Professional Tax Preparers of Data Security… Practice Management IRS Urges Tax Professionals to Educate Employees About … Tax Law and News IRS Warns Tax Pros About Cyber Threats Tax Law and News Watch out for “new client” email scam Tax Law and News Protect Client Data With the IRS Taxes-Security-Togethe… Tax Law and News IRS Issues Security Summit Alert: New Two-Stage Email S… Practice Management How to protect your firm and taxpayer data from COVID-1… Tax Law and News IRS Summit Partners Warn Tax Pros to be on Alert and St… Tax Law and News Above the Forms: Expanded Security for Tax Professional… Practice Management IRS Reminds Tax Pros to Use Strong Passwords, Encryptio…
Hi Lynda – we cannot endorse companies that provide this, but our suggestion is to visit https://www.irs.gov/pub/irs-pdf/p5708.pdf – a guide that will help you create one. Thanks.