Compliance
that fits your firm.

WISP, risk assessment, incident response, vendor management, and continuous control testing. Tailored to your firm, kept current automatically, written so your insurer, the IRS, or your client can read it. Three tiers, starting with the WISP for $499.

  • Built for CPA firms, not enterprise
  • Aligned with FTC and IRS Pub 4557
  • Stays current automatically
  • Under an hour to a downloadable WISP

  • FTC Safeguards Rule
  • IRS Pub. 4557
  • 50 state coverage

The Kompflow platform

One platform.
The program you will actually run.

Kompflow is not a single document and not a generic GRC suite. It is the set of compliance deliverables a CPA firm actually needs, generated from your firm's answers and kept current as regulations and your firm change.

Written Information Security Plan

Aligned with FTC Safeguards (16 CFR 314) and IRS Pub. 4557. Tailored to your firm.

Risk Assessment

Guided. Plain language. Drives your WISP and your remediation plan.

Gap Analysis and Remediation

What to fix, in what order, with prompts and explanations.

Incident Response Plan

Scenario-specific playbooks: ransomware, lost device, wire fraud, breach.

Vendor and Third-Party Assessment

Inventory, security posture, contract evidence. One place per vendor.

Insurance Gap Assistant

Answer cyber insurance questionnaires in your firm's actual posture, not boilerplate.

Compliance Academy

Team training tied to your WISP. Records kept for insurers and the IRS.

Framework View and Control Testing

GRC-style structure, control mapping across frameworks, continuous evidence.

Each deliverable is generated from your firm's answers and kept current automatically.

No templates, no boilerplate, no copy and paste from someone else's firm.

Three tiers, three ways in

Pick where to start

Kompflow WISP starts today. You buy it, you get your WISP. Kompflow Starter and Kompflow Professional are in a selective rollout. We onboard each firm directly so the platform fits how you actually work.

Start today

Kompflow WISP

For firms that need a working WISP for IRS PTIN attestation, cyber insurance, or basic FTC Safeguards documentation.

$499 first year

then $99/year

  • Guided wizard produces your WISP
  • FTC 314 and IRS Pub. 4557 aligned
  • Downloadable PDF, secure storage
  • Annual review reminder
  • Auto-updates when regulations or your firm change
Get your WISP

30-day money-back guarantee on Kompflow WISP.

Most asked about

Contact us

Kompflow Starter

For firms that need ongoing compliance management beyond a single document.

$249/month

billed monthly

  • Everything in Kompflow WISP
  • Risk assessment and gap analysis
  • Guided remediation plan
  • Incident Response Plan generator
  • Vendor assessment and Insurance Gap Assistant
  • Compliance Academy training
Contact us

Selective rollout. We respond within 2 business days.

Contact us

Kompflow Professional

For growing firms that need continuous control evaluation and a framework view, not just an annual review.

$499/month

billed monthly

  • Everything in Kompflow Starter
  • Framework view, GRC structure
  • Control mapping across frameworks
  • Continuous control testing and evidence
  • Built for firms with audit or oversight
Contact us

Selective rollout. We respond within 2 business days.

When firms come to us

Four moments.
One document answers all of them.

Every CPA firm gets here for one of these reasons. The good news is you do not need four different deliverables. You need one current WISP that holds up to all four readers.

IRS PTIN renewal

The IRS asks tax preparers to attest to having a written security plan. Most attest yes. Most do not have one that holds up if questioned.

Cyber insurance

Carriers want documented policies, risk-aware controls, and a current WISP. Without them the application stalls or the premium spikes.

Client security questionnaire

A larger tax client asks how you protect their data. Without a WISP and a security summary you can attach, the relationship gets awkward fast.

FTC Safeguards threshold

Cross 5,000 client records and the rule changes shape: written IRP, vulnerability testing, board reporting. The work multiplies. Kompflow has a tier for that.

Why Kompflow

Templates go stale.
Your program does not.

Most WISP products assume you comply. Kompflow asks. The difference shows up the first time an insurer or the IRS reads what you produced.

Template-based WISPs

  • Generic policies you have to read to figure out what they actually mean
  • Says your firm has controls in place without ever asking whether you do
  • Goes stale the day you ship it
  • Looks fine in a Word doc, falls apart in front of an auditor

Kompflow WISP

  • Guided wizard interviews your firm in plain language, then produces a WISP that reflects what you actually do
  • Aligned to IRS Publication 4557 and FTC Safeguards Rule, with state breach-law context for all 50 states
  • Updates itself when regulations or your firm changes; annual review reminder
  • Defensible. Every section ties back to what you told us about your firm

Trust and security

Built like the program it produces.

Your firm's documents describe how you protect taxpayer data.
We hold them to the same standard you would.

Always encrypted

TLS 1.2+ in transit, AES-256 at rest. Your WISP and supporting data are not stored in plain text.

MFA by default

Every account is protected with multi-factor authentication.

Deletion you control

Cancel anytime. You have 15 days to export your data. After that, it is permanently deleted.

We do not read your plans

We do not mine your WISP or sell access to your data. Your documents are yours.

FAQ

A few things firms ask first.

Everything you need to know about Kompflow. If we missed something, ask.

Which plan is right for my firm?

Choose Kompflow WISP if your firm needs a Written Information Security Plan and you want a one-time purchase with annual maintenance. Choose Kompflow Starter if your firm wants ongoing compliance management, including risk assessment, gap analysis, remediation plans, vendor evaluation, and the Insurance Gap Assistant. Choose Kompflow Professional if your firm is growing and needs continuous control testing and a structured framework view of your compliance program.

What is the difference between Kompflow WISP and the Starter plan?

Kompflow WISP gives you a working Written Information Security Plan, secure storage, and automatic updates when regulations or your firm changes. It is meant for firms that need a compliant WISP and want a one-time purchase. Kompflow Starter is for firms that need ongoing compliance management beyond the WISP itself: guided risk assessment, gap analysis, remediation plans, vendor evaluation, Incident Response Plan, and the Insurance Gap Assistant.

Can I upgrade later?

Yes. You can upgrade from Kompflow WISP to Starter or Professional at any time. When you upgrade, your firm data and WISP carry forward into the new tier. Contact us to upgrade.

Can I pay monthly?

Kompflow Starter and Kompflow Professional are billed monthly. Kompflow WISP is a one-time annual payment ($499 first year, $99/year after) because regulations require an annual review of your security program.

What happens if I cancel?

For Kompflow WISP: you can cancel anytime. You have 15 days to export your WISP and data after cancellation. After 15 days, your account and data are deleted. For Kompflow Starter and Professional: cancel anytime and access continues through the end of the current month.

Is Kompflow truly aligned with FTC and IRS requirements?

Yes. Kompflow is aligned with the FTC Safeguards Rule (16 CFR 314) and IRS Publication 4557. WISPs include state-specific breach notification context for all 50 states.

I already have an MSP. Why do I need this?

Your MSP handles technical security like firewalls, antivirus, and backups. FTC and IRS rules require documented governance: written policies, risk assessments, training records, and audit trails. That is the gap Kompflow fills.

Do you offer refunds?

Kompflow WISP includes a 30-day money-back guarantee. The refund window closes the moment you download any version of your WISP, including drafts. Starter and Professional do not include a money-back guarantee at this stage; you can cancel at any time with access through the end of the current month.

Still have questions?

Contact us

For MSPs and vCISOs

Manage compliance for multiple CPA firms?

Kompflow's Partner Portal gives you a cross-client dashboard, white-label reporting, team access, and a step-by-step process across every client at once.

Ready when you are

Pick where to start.

Buy the WISP yourself if you need the document.
Talk to us if you want the platform.

  • 30-day money-back on Kompflow WISP
  • Cancel anytime
  • No setup fees on any tier
