{"id":36897,"date":"2024-01-02T08:00:00","date_gmt":"2024-01-02T14:00:00","guid":{"rendered":"https:\/\/taxprocenter.proconnect.intuit.com\/?p=36897"},"modified":"2023-12-20T11:50:59","modified_gmt":"2023-12-20T17:50:59","slug":"elements-in-your-written-info-security-plan-wisp","status":"publish","type":"post","link":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/elements-in-your-written-info-security-plan-wisp\/","title":{"rendered":"8 elements in your Written Info Security Plan (WISP)"},"content":{"rendered":"\n<p>The <a href=\"https:\/\/accountants.intuit.com\/taxprocenter\/tag\/covid-19\/\">pandemic<\/a> accelerated the adoption of digital technologies and intensified the risks associated with cybersecurity. As tax professionals and accounting firms continue to adapt to a post-pandemic reality, the need for a robust cybersecurity framework has never been more pronounced. No firm is exempt from the threat of cyberattacks. It&#8217;s imperative that all practices adopt a fundamental set of policies to secure their operations and their clients&#8217; trust.<\/p>\n\n\n\n<p>The financial sector, particularly tax and accounting practices, has become a prime target for cybercriminals. <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/special-report\/data-breach\/latest-incidents\" target=\"_blank\">Recent breaches<\/a> have shown that no entity, regardless of its size, is immune to these threats. The consequences of such breaches are severe, ranging from substantial financial losses to irreparable damage to the reputation and trust clients place in these services. It&#8217;s not just large firms that are at risk; small practices often lack the resources for comprehensive cybersecurity, making them particularly vulnerable.<\/p>\n\n\n\n<p class=\"has-x-large-font-size\"><strong>Your Written Information Security Plan<\/strong><\/p>\n\n\n\n<p>Developing a comprehensive cybersecurity framework starts with a thorough assessment of current security measures. Identifying vulnerabilities and gaps in existing protocols is a vital step. The IRS requires tax preparers and accountants to create and maintain a <a href=\"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/how-to-create-a-written-information-security-plan-for-your-practice\/\">Written Information Security Plan<\/a> (WISP) as part of their efforts to secure taxpayer data. A WISP should be a formal document that outlines the administrative, technical, and physical safeguards implemented to protect client data. The plan must be tailored to the firm&#8217;s size, complexity, and scope of activities. It&#8217;s a legal requirement under the Gramm-Leach-Bliley Act and the Federal Trade Commission&#8217;s Safeguards Rule\u2014not just a good thing for your practice.<\/p>\n\n\n\n<p>A robust WISP typically includes the following eight elements:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Risk assessment<\/strong>: Regular evaluations of the potential risks to client data and the internal systems used to process that data.<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security policies and procedures:<\/strong> Detailed written policies regarding data security, including how to handle, and protect, personally identifiable information throughout its lifecycle.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Employee training program<\/strong>: A program to educate employees about their roles in protecting sensitive data, recognizing <a href=\"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/make-your-office-a-no-phishing-zone\/\">phishing<\/a> and social engineering attacks, and reporting suspected breaches.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Access controls<\/strong>: Systems to ensure that only authorized personnel have access to sensitive data, including the use of <a href=\"https:\/\/taxprocenter.proconnect.intuit.com\/client-relationships\/help-your-clients-create-stronger-passwords\/\">strong passwords and two-factor authentication<\/a> where possible.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data encryption:<\/strong> Measures to encrypt data at rest and in transit, using strong encryption methods.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Secure data disposal:<\/strong> Policies and procedures for the secure disposal of obsolete data that is no longer required for business or compliance purposes.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Incident response plan:<\/strong> A formal plan that outlines the steps to be taken in the event of a data breach or security incident, including notification procedures.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Regular monitoring and compliance:<\/strong> Ongoing activities to monitor the effectiveness of security measures and to update the WISP as necessary when new threats are identified or when the firm undergoes changes that could affect security.<\/li>\n<\/ul>\n\n\n\n<p>The IRS emphasizes that a WISP is not a &#8220;set it and forget it&#8221; exercise, but a living document that requires regular updates and reviews to adapt to new threats and changes in the firm\u2019s operations. By adhering to these guidelines, tax and accounting professionals can ensure they are taking the necessary steps to protect client data and comply with IRS requirements.<\/p>\n\n\n\n<p class=\"has-x-large-font-size\"><strong>Responding to a security breach<\/strong><\/p>\n\n\n\n<p>An often-overlooked aspect of cybersecurity is having a well-prepared response plan in the event of a breach. This plan should include immediate steps to mitigate damage, methods to investigate and resolve the breach, and strategies for communicating with affected parties.<\/p>\n\n\n\n<p>Experiencing a security breach can be one of the most trying times for any firm. The moment you discover that your firm&#8217;s, and more critically, your clients&#8217; confidential data may have been compromised, obligations and concerns begin to unfold.<\/p>\n\n\n\n<p>The immediate response must be swift and effective, involving containment and assessment of the breach. But what follows is an equally critical phase\u2014notification. The law often requires that clients be informed of data breaches, a process that is not just a procedural formality but also a test of the firm&#8217;s transparency and integrity.<\/p>\n\n\n\n<p>Drafting the notification to clients is a delicate task; it is an admission of a lapse in the very promise of confidentiality that lies at the heart of client relationships. The embarrassment that accompanies this admission is profound.&nbsp;<\/p>\n\n\n\n<p class=\"has-x-large-font-size\"><strong>I run a small firm of 3 remote members<\/strong><\/p>\n\n\n\n<p>Investing in cybersecurity is not a matter of if, but when. For me, the realization came when I understood that our remote setup could be at risk. We operate as a 100% remote tax and bookkeeping practice, and enjoy the freedom to work from anywhere. As a result, it was clear that we needed to enhance our firm\u2019s cybersecurity. We partnered with a reliable IT provider\u2014<a href=\"https:\/\/www.visory.net\/\" target=\"_blank\">Visory<\/a>\u2014and opted for a fully managed IT and cybersecurity services that were comprehensive and tailored to our unique needs. Our plan includes IT helpdesk support, remote management, next-gen threat hunting, phishing\/spam filtering, and cybersecurity awareness training for our team, along with a <a href=\"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/what-is-a-vpn-and-4-reasons-why-every-tax-professional-should-use-one\/\">secure VPN solution<\/a>.<\/p>\n\n\n\n<p>For a small practice of three, we found the balance between security and efficiency. Safeguarding our own information\u2014and our clients&#8217; information\u2014is paramount, even when working beyond U.S. borders. In today&#8217;s globalized workforce, ensuring the security of remote team members, especially those outside our borders, is not just essential; it&#8217;s critical.<\/p>\n\n\n\n<p>As we wrap up, let&#8217;s embrace a simple truth: Cybersecurity is our strong ally in the world of tax and accounting. It doesn&#8217;t matter if you&#8217;re a solo practitioner or part of a larger firm\u2014the commitment to safeguarding client trust remains paramount. Through clear policies and ongoing adaptation, we not only meet compliance standards, but uphold a fundamental promise. By investing in cybersecurity, we&#8217;re not just protecting data; we&#8217;re securing a resilient future where our clients can always trust us.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discover the 8 elements of a Written Information Security Plan, and why your firm needs to maintain a current plan at all times. Astrid Daniela Galvez, EA, explains. <\/p>\n","protected":false},"author":144649117,"featured_media":36899,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rkv_browse_by_id":0,"rkv_cta_id":0,"rkv_optimize_for_pagespeed":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"useModifiedDate":false,"customPublishDate":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false},"categories":[116807],"tags":[130072316],"intuit_collection":[],"intuit_series":[],"coauthors":[646041923],"class_list":["post-36897","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-practice-management","tag-fraud-and-security"],"header_image":"","yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>8 elements in your Written Info Security Plan (WISP) - Tax Pro Center | Intuit<\/title>\n<meta name=\"description\" content=\"Discover the 8 elements of a Written Information Security Plan, and why your firm needs to maintain a current plan at all times.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/elements-in-your-written-info-security-plan-wisp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"8 elements in your Written Info Security Plan (WISP) - Tax Pro Center | Intuit\" \/>\n<meta property=\"og:description\" content=\"Discover the 8 elements of a Written Information Security Plan, and why your firm needs to maintain a current plan at all times.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/\" \/>\n<meta property=\"og:site_name\" content=\"Tax Pro Center | Intuit\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/IntuitAccountants\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-02T14:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Astrid Daniela Galvez, EA\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@IntuitAccts\" \/>\n<meta name=\"twitter:site\" content=\"@IntuitAccts\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Astrid Daniela Galvez, EA\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/\"},\"author\":{\"name\":\"Astrid Daniela Galvez, EA\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#\\\/schema\\\/person\\\/2117522c18219943115545fac34892eb\"},\"headline\":\"8 elements in your Written Info Security Plan (WISP)\",\"datePublished\":\"2024-01-02T14:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/\"},\"wordCount\":976,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg\",\"keywords\":[\"fraud and security\"],\"articleSection\":[\"Practice Management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/\",\"url\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/\",\"name\":\"8 elements in your Written Info Security Plan (WISP) - Tax Pro Center | Intuit\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg\",\"datePublished\":\"2024-01-02T14:00:00+00:00\",\"description\":\"Discover the 8 elements of a Written Information Security Plan, and why your firm needs to maintain a current plan at all times.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/#primaryimage\",\"url\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg\",\"contentUrl\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg\",\"width\":1440,\"height\":600,\"caption\":\"Developing a cybersecurity framework for your firm\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/practice-management\\\/elements-in-your-written-info-security-plan-wisp\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"8 elements in your Written Info Security Plan (WISP)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#website\",\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/\",\"name\":\"Tax Pro Center | Intuit\",\"description\":\"Tax Pro Center\",\"publisher\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#organization\",\"name\":\"Tax Pro Center | Intuit\",\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/Tax_Pro_Center_Logo_Final_large.webp\",\"contentUrl\":\"https:\\\/\\\/taxprocenter.proconnect.intuit.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/Tax_Pro_Center_Logo_Final_large.webp\",\"width\":872,\"height\":160,\"caption\":\"Tax Pro Center | Intuit\"},\"image\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/IntuitAccountants\",\"https:\\\/\\\/x.com\\\/IntuitAccts\",\"https:\\\/\\\/www.instagram.com\\\/intuitaccountants\\\/?hl=en\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/intuit-accountants\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#\\\/schema\\\/person\\\/2117522c18219943115545fac34892eb\",\"name\":\"Astrid Daniela Galvez, EA\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a71ae3b788181bd6c957a2b45d86d4cd606c3bd33c9effa436141bd30e6f3aa9?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a71ae3b788181bd6c957a2b45d86d4cd606c3bd33c9effa436141bd30e6f3aa9?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a71ae3b788181bd6c957a2b45d86d4cd606c3bd33c9effa436141bd30e6f3aa9?s=96&d=identicon&r=g\",\"caption\":\"Astrid Daniela Galvez, EA\"},\"description\":\"Astrid Daniela Galvez, EA co-founded Accounting Specialists and Business Solutions, LLC, in 2013 with the support of her two sisters. The firm, known for its bilingual (English and Spanish) tax and bookkeeping services, focuses on aiding small business owners, self-employed individuals, start-ups, and entrepreneurs through cloud-based solutions. Astrid is a passionate educator, especially for small business owners in underserved and minority communities.\",\"sameAs\":[\"https:\\\/\\\/asnbs.com\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/daniela-asnbs\\\/\"],\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/author\\\/astridgalveztax\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"8 elements in your Written Info Security Plan (WISP) - Tax Pro Center | Intuit","description":"Discover the 8 elements of a Written Information Security Plan, and why your firm needs to maintain a current plan at all times.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/elements-in-your-written-info-security-plan-wisp\/","og_locale":"en_US","og_type":"article","og_title":"8 elements in your Written Info Security Plan (WISP) - Tax Pro Center | Intuit","og_description":"Discover the 8 elements of a Written Information Security Plan, and why your firm needs to maintain a current plan at all times.","og_url":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/","og_site_name":"Tax Pro Center | Intuit","article_publisher":"https:\/\/www.facebook.com\/IntuitAccountants","article_published_time":"2024-01-02T14:00:00+00:00","og_image":[{"width":1440,"height":600,"url":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg","type":"image\/jpeg"}],"author":"Astrid Daniela Galvez, EA","twitter_card":"summary_large_image","twitter_creator":"@IntuitAccts","twitter_site":"@IntuitAccts","twitter_misc":{"Written by":"Astrid Daniela Galvez, EA","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/#article","isPartOf":{"@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/"},"author":{"name":"Astrid Daniela Galvez, EA","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#\/schema\/person\/2117522c18219943115545fac34892eb"},"headline":"8 elements in your Written Info Security Plan (WISP)","datePublished":"2024-01-02T14:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/"},"wordCount":976,"commentCount":0,"publisher":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#organization"},"image":{"@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/#primaryimage"},"thumbnailUrl":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg","keywords":["fraud and security"],"articleSection":["Practice Management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/","url":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/","name":"8 elements in your Written Info Security Plan (WISP) - Tax Pro Center | Intuit","isPartOf":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#website"},"primaryImageOfPage":{"@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/#primaryimage"},"image":{"@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/#primaryimage"},"thumbnailUrl":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg","datePublished":"2024-01-02T14:00:00+00:00","description":"Discover the 8 elements of a Written Information Security Plan, and why your firm needs to maintain a current plan at all times.","breadcrumb":{"@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/#primaryimage","url":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg","contentUrl":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg","width":1440,"height":600,"caption":"Developing a cybersecurity framework for your firm"},{"@type":"BreadcrumbList","@id":"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/elements-in-your-written-info-security-plan-wisp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/taxprocenter.proconnect.intuit.com\/"},{"@type":"ListItem","position":2,"name":"8 elements in your Written Info Security Plan (WISP)"}]},{"@type":"WebSite","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#website","url":"https:\/\/accountants.intuit.com\/taxprocenter\/","name":"Tax Pro Center | Intuit","description":"Tax Pro Center","publisher":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/accountants.intuit.com\/taxprocenter\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#organization","name":"Tax Pro Center | Intuit","url":"https:\/\/accountants.intuit.com\/taxprocenter\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#\/schema\/logo\/image\/","url":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2022\/10\/Tax_Pro_Center_Logo_Final_large.webp","contentUrl":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2022\/10\/Tax_Pro_Center_Logo_Final_large.webp","width":872,"height":160,"caption":"Tax Pro Center | Intuit"},"image":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/IntuitAccountants","https:\/\/x.com\/IntuitAccts","https:\/\/www.instagram.com\/intuitaccountants\/?hl=en","https:\/\/www.linkedin.com\/company\/intuit-accountants\/"]},{"@type":"Person","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#\/schema\/person\/2117522c18219943115545fac34892eb","name":"Astrid Daniela Galvez, EA","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a71ae3b788181bd6c957a2b45d86d4cd606c3bd33c9effa436141bd30e6f3aa9?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a71ae3b788181bd6c957a2b45d86d4cd606c3bd33c9effa436141bd30e6f3aa9?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a71ae3b788181bd6c957a2b45d86d4cd606c3bd33c9effa436141bd30e6f3aa9?s=96&d=identicon&r=g","caption":"Astrid Daniela Galvez, EA"},"description":"Astrid Daniela Galvez, EA co-founded Accounting Specialists and Business Solutions, LLC, in 2013 with the support of her two sisters. The firm, known for its bilingual (English and Spanish) tax and bookkeeping services, focuses on aiding small business owners, self-employed individuals, start-ups, and entrepreneurs through cloud-based solutions. Astrid is a passionate educator, especially for small business owners in underserved and minority communities.","sameAs":["https:\/\/asnbs.com\/","https:\/\/www.linkedin.com\/in\/daniela-asnbs\/"],"url":"https:\/\/accountants.intuit.com\/taxprocenter\/author\/astridgalveztax\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg","jetpack_shortlink":"https:\/\/wp.me\/pazjGh-9B7","jetpack-related-posts":[{"id":17233,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/cybersecurity-a-critical-opportunity-for-advisory-services\/","url_meta":{"origin":36897,"position":0},"title":"Cybersecurity: A critical opportunity for advisory services","author":"Cassidy Jakovickas, CPA","date":"September 19, 2019","format":false,"excerpt":"Helping protect your clients' data and ensuring their information is safe is a key part of providing advisory services. Cassidy Jakovickas, CPA, provides helpful guidance.","rel":"","context":"In &quot;Advisory Services&quot;","block_context":{"text":"Advisory Services","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/advisory-services\/"},"img":{"alt_text":"Security for tax professionals","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2017\/10\/security1-e1535552671928.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2017\/10\/security1-e1535552671928.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2017\/10\/security1-e1535552671928.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":55484,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/","url_meta":{"origin":36897,"position":1},"title":"Safeguards Rule and cybersecurity leadership","author":"Luke Kiely","date":"September 13, 2024","format":false,"excerpt":"Learn more about how the FTC's Safeguard's Rule affects cybersecurity at tax and accounting firms. Luke Kiely explains.","rel":"","context":"In &quot;Tax Law and News&quot;","block_context":{"text":"Tax Law and News","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/tax-law-and-news\/"},"img":{"alt_text":"Safeguards Rule and cybersecurity leadership","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":28016,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/best-practices-for-moving-to-the-cloud-cybersecurity\/","url_meta":{"origin":36897,"position":2},"title":"Moving to the cloud: Cybersecurity","author":"Luke Kiely","date":"March 1, 2023","format":false,"excerpt":"Learn how to avoid a data breach in your firm with these three tips from SmartVault's Luke Kiely.","rel":"","context":"In &quot;Practice Management&quot;","block_context":{"text":"Practice Management","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/practice-management\/"},"img":{"alt_text":"Cybersecurity","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/02\/Cybersecurity.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/02\/Cybersecurity.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/02\/Cybersecurity.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/02\/Cybersecurity.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":57361,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/how-market-competitors-have-become-firm-predators\/","url_meta":{"origin":36897,"position":3},"title":"How market competitors have become firm predators","author":"Luke Kiely","date":"December 6, 2024","format":false,"excerpt":"A silent war is taking place where some service providers now view cybersecurity not just as a defensive practice, but as an offensive tactic to gain an advantage in the market.","rel":"","context":"In &quot;Practice Management&quot;","block_context":{"text":"Practice Management","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/practice-management\/"},"img":{"alt_text":"How market competitors have become firm predators","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/11\/How-market-competitors-have-become-firm-predators-copy-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/11\/How-market-competitors-have-become-firm-predators-copy-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/11\/How-market-competitors-have-become-firm-predators-copy-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/11\/How-market-competitors-have-become-firm-predators-copy-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":61058,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/why-soc-2-type-2-compliance-matters-for-accountants\/","url_meta":{"origin":36897,"position":4},"title":"Why SOC 2 Type 2 compliance matters for accountants","author":"Jonathan Young","date":"May 5, 2025","format":false,"excerpt":"Find out why SOC 2 Type 2 compliance is an essential part of choosing an accounting document management solution.","rel":"","context":"In &quot;Tax Law and News&quot;","block_context":{"text":"Tax Law and News","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/tax-law-and-news\/"},"img":{"alt_text":"Why SOC 2 Type 2 compliance matters for accountants","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2025\/05\/Why-SOC-2-Type-2-compliance-matters-for-accountants-copy.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2025\/05\/Why-SOC-2-Type-2-compliance-matters-for-accountants-copy.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2025\/05\/Why-SOC-2-Type-2-compliance-matters-for-accountants-copy.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2025\/05\/Why-SOC-2-Type-2-compliance-matters-for-accountants-copy.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":15705,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/how-to-hire-a-cybersecurity-pro-for-your-tax-practice\/","url_meta":{"origin":36897,"position":5},"title":"How to Hire a Cybersecurity Pro for Your Tax Practice","author":"Intuit Accountants Team","date":"March 18, 2019","format":false,"excerpt":"Hiring a cybersecurity pro is good for your tax practice and helps you protect your clients' data. In this IRS article, get some guidance on how to hire a qualified professional.","rel":"","context":"In &quot;Practice Management&quot;","block_context":{"text":"Practice Management","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/practice-management\/"},"img":{"alt_text":"Security for tax professionals","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2017\/10\/security1-e1535552671928.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2017\/10\/security1-e1535552671928.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2017\/10\/security1-e1535552671928.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/posts\/36897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/users\/144649117"}],"replies":[{"embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/comments?post=36897"}],"version-history":[{"count":6,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/posts\/36897\/revisions"}],"predecessor-version":[{"id":36975,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/posts\/36897\/revisions\/36975"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/media\/36899"}],"wp:attachment":[{"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/media?parent=36897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/categories?post=36897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/tags?post=36897"},{"taxonomy":"intuit_collection","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/intuit_collection?post=36897"},{"taxonomy":"intuit_series","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/intuit_series?post=36897"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/coauthors?post=36897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}