A guided wizard interviews your firm in plain language, then generates a Written Information Security Plan tailored to your tax software, your team, and your state. Aligned with FTC Safeguards (16 CFR 314) and IRS Publication 4557.
This plan documents the administrative, technical, and physical safeguards Smith & Co. CPAs maintains to protect customer information under the FTC Safeguards Rule (16 CFR 314).
Taxpayer data classified as Restricted. Stored in Drake Tax, OneDrive (firm tenant), and physical client files. Off-firm access requires VPN and MFA.
Within 1 hour of detection, the Qualified Individual notifies the response team. Affected client notification within 30 days per state breach laws.
Eleven sections total. Generated from your wizard answers.
The wizard produces a complete document with these sections, tailored to what your firm actually does. Nothing copy-pasted from someone else's firm.
What the plan covers, who owns it, when it was last reviewed.
What data you handle, what could go wrong, where your gaps are.
Where taxpayer data lives, who can reach it, how it is classified.
Who can access what, multi-factor authentication, account lifecycle.
Data in transit and at rest, including your tax software and email.
What activity gets logged, how long it is retained, who reviews it.
What you do if something goes wrong. Contacts, timelines, escalation.
Your tax software, your MSP, your email host. Each one accounted for.
What your team learns, how often, and how you keep the records.
How taxpayer data leaves your firm at end of retention.
The specific notification timelines for every state your clients live in.
When the WISP gets reaffirmed, by whom, and what triggers a refresh.
Each section is generated from your wizard answers, then kept current by Kompflow when regulations or your firm change. Your insurer, the IRS, or your client gets the same document, current.
Plain-language wizard, generated WISP, automatic updates over time.
A short guided interview about your firm: what data you handle, who can access it, which software you use, how your team works. Plain language, no compliance jargon.
Kompflow generates your Written Information Security Plan, tailored to what you told us. Aligned with IRS Publication 4557 and the FTC Safeguards Rule. Downloadable PDF, ready for your insurer, the IRS, or your clients.
When regulations change or your firm changes (added staff, new systems, new vendors), Kompflow updates your stored WISP. Annual review reminder when it is time to reaffirm.
Firms that need a working WISP without committing to a full compliance platform.
You handle taxpayer data, your insurer is asking for documentation, and you need a defensible WISP without paying a consultant $5,000.
The IRS asks tax preparers to attest to having a written security plan. Kompflow WISP gives you a real one, not a template.
Carriers want documented policies, risk-aware controls, and proof of an active security program. Your Kompflow WISP gives you the paper trail they ask for.
When a tax client asks how you protect their data, point them at your WISP. It is the answer to most of their questions.
One purchase. Your WISP. A platform that keeps it current.
$499 today covers your first year, including the wizard, your WISP, secure storage, annual review reminder, and automatic policy and firm updates.
Starting in year 2, $99/year keeps your WISP current. Cancel anytime.
If you decide Kompflow WISP is not for you within 30 days of purchase and you have not downloaded any version of your WISP, we will issue a full refund. Refund requests are submitted via email to our support address. They are processed manually.
Refund eligibility ends the moment you download any version of your WISP, including drafts. Any download closes the refund window. We do this because once you have the document, the work is delivered.
You can cancel your Kompflow WISP account at any time. On cancellation, you have 15 days to export your WISP and any related data. After the 15-day export window, the account and all stored data are permanently deleted.
If you previously cancelled and want to use Kompflow again, the $499 first-year fee applies again. There is no partial reinstatement.
Your $499 at checkout is billed as two line items at the same time. Both appear on your card statement and your Stripe receipt.
The setup fee is one-time. It does not renew.
Under an hour from now you can have a complete, defensible Written Information Security Plan.
Need ongoing compliance management instead? See Kompflow Starter and Professional
Plain-English definitions of every term your insurer, the IRS, or your client might raise.
The Written Information Security Plan defined, plus why CPA firms need one.
GlossaryWhat 16 CFR 314 requires of accounting firms and tax preparers in 2026.
GlossaryTax-professional data security guidelines and the WISP attestation tie-in.
GlossaryWizard-based setup from firm profile to compliant program in under a day.
GuideWISP self-serve, Starter, and Professional side by side.
GuideLong-form explainer of what changed in 2023 and why it matters now.
BlogWe use cookies to measure site performance and improve your experience. No data is sold to third parties. Privacy Policy