With the changes the IRS has made to PTIN applications in the last few years, every PTIN holder is required to have a Written Information Security Plan (WISP) on file. But crafting your own WISP can be a daunting task. Most tax and accounting professionals don't even know where to begin.
At Protection Plus, we want to ensure that tax and accounting professionals are protected from all angles. That's why we've created a simple and easy tool that helps you build a WISP tailored to your firm based on IRS Publication 5708. Before we jump to our WISP building tool, let’s go over some of the basics:
What is a WISP?
WISP stands for "Written Information Security Plan," and it’s like your company’s wall of security. It lays out all the steps, tools, and rules you’ve got in place to keep sensitive info safe. Think of it as a roadmap that shows how you protect data and fend off security threats—it’s your blueprint for building a strong defense.
What is the Purpose of a WISP?
A WISP helps businesses handle personal information securely and comply with data security laws. It protects sensitive data like Personally Identifiable Information (PII) to prevent identity theft and build trust. It reassures stakeholders that the company is safeguarding data and offers a customized plan to protect both client information and the business from cyber threats.
What Should a WISP Include?
The WISP is your go-to guide for keeping things secure and compliant. It covers all the must-have areas, like following laws on biometric data (think fingerprints or face scans) and setting clear rules for how things are managed. Data should be locked down with encryption, whether it’s sitting still or on the move. Here are a few terms and actions that will be helpful to familiarize yourself with before diving into creating your WISP:
- You’ll need a Data Security Coordinator/DSC (basically, the security boss) to ensure smooth operation.
- You’ll also need a plan to handle security incidents quickly, with a Public Information Officer/PIO (the person who shares updates with the public) ready to communicate if needed.
- Strong IT risk management is also key to spotting and stopping threats before they cause trouble.
- Keeping an up-to-date list of assets is important for knowing what needs protecting.
- Employees should be regularly trained on security and have proper access controls in place.
- Two-factor authentication (that extra layer of security where you need both a password and a code) is a must to protect sensitive data.
- Continuous network monitoring, tough firewall setups, and a strong password policy are all essential.
- Don’t forget remote access rules and business continuity plans to keep things running smoothly no matter what.
This framework makes sure your organization stays safe, secure, and in compliance with IRS and FTC regulations.
Build Your Free WISP Tool with Protection Plus
Our handy WISP tool will guide you through all the essential components of a WISP, ensuring you cover everything you need. Just answer the questions in our tool, and in the end, you'll be able to download a WISP that accurately reflects the security measures you are implementing. It's that easy, and it's completely free. This WISP is crafted from the official template released in IRS Publication 5708, so you can trust it’s reliable and effective.
To get the most out of this process, we recommend setting aside about 30 minutes to complete the questionnaire. It’s a small investment of time that can lead to significant benefits for your business. At Protection Plus, we’re dedicated to helping you safeguard your business and ensure compliance—so take advantage of this valuable resource today!
If you’re ready to start building your WISP, click here to visit our tool.
Learn more at eroewisp.com/article.
Hayley Bales
Protection Plus
September 2024