IRS WISP Requirements, Explained
Understand clearly what the IRS expects to see in your data security plan.
Ensure compliance easily. Download our free IRS-approved WISP template today.
A Written Information Security Plan (WISP) is not optional—it’s mandatory. If you prepare taxes professionally, federal law requires you to document precisely how you secure sensitive taxpayer information.
Federal Regulations You Must Follow:
According to IRS Publication 4557 and the FTC Safeguards Rule (updated June 2023), every paid tax preparer must:
Conduct detailed risk assessments regularly.
Implement strict access control measures to secure taxpayer data.
Train employees regularly on cybersecurity awareness and best practices.
Follow rigorous data disposal procedures for both physical and digital records.
Have a clear and actionable Incident Response Plan for data breaches.
Regularly review and update your security protocols to adapt to new threats.
Risks of Non-Compliance:
Ignoring these rules puts your business at severe risk:
Loss of PTIN—without it, you can’t legally operate.
Heavy federal fines and penalties (up to $100,000).
Legal liability and costly lawsuits from breaches.
Immediate loss of client confidence and business.
IRS & FTC Safeguards Compliance
Antivirus & Endpoint Detection
Ensure all endpoints have advanced antivirus and threat detection capabilities.