Compliance glossary
Definition

Control Register

A structured list of all security controls your firm should have in place, mapped to regulatory requirements, with testing status and evidence.

What it means.

A control register (or control catalog) is a comprehensive list of security controls that your firm is expected to maintain, organized by domain (access controls, data protection, incident response, etc.) and mapped to the specific regulatory requirements they satisfy. For CPA firms, Kompflow's control register includes 58 controls mapped to both the FTC Safeguards Rule and IRS Publication 4557. Each control has a testing status, evidence attachments, evaluation results, and remediation tracking.

Why it matters for CPA firms.

A control register transforms compliance from a vague aspiration into a concrete, measurable program. It shows regulators and auditors exactly which controls you have in place, how they map to requirements, and when they were last tested. Without one, firms often have security measures in place but cannot demonstrate compliance when asked. The control register is also the basis for evidence testing cycles that prove your controls actually work.

Relevant regulations.

  • FTC Safeguards Rule (16 CFR 314.4(d))
  • IRS Publication 4557
  • NIST SP 800-53

How Kompflow helps.

The 58-Control Register module handles this for your firm, personalized to your software, team size, and state requirements.

