The IRS requirement that tax professionals attest to having a Written Information Security Plan when renewing their Preparer Tax Identification Number.
When tax professionals renew their Preparer Tax Identification Number (PTIN) annually, the IRS asks them to confirm they maintain a data security plan (a WISP) consistent with IRS Publication 4557 and Publication 5708. The attestation is a formal declaration. Tax preparers who attest to having a WISP but do not actually maintain one can face PTIN suspension, EFIN action, and potential perjury exposure on the renewal application.
Studies consistently show that a large share of tax professionals attest to having a WISP without actually maintaining one. The IRS has been clear that attestation without substance is not compliant. The WISP must exist in writing, must reflect the firm's actual operations, and must be reviewed periodically. Cyber insurers and IRS investigators both look for the WISP as the first piece of evidence in any incident review.
The WISP Generator module handles this for your firm, personalized to your software, team size, and state requirements.
See plans and pricingA documented set of policies and procedures describing how your firm protects sensitive client data.
IRS guidelines outlining data security requirements and best practices for tax professionals handling taxpayer information.
The IRS Electronic Filing Identification Number can be suspended or revoked for data security failures, taxpayer data breaches, or pattern-of-noncompliance.
Buy the WISP yourself if you need the document.
Talk to us if you want the platform.
We use cookies to measure site performance and improve your experience. No data is sold to third parties. Privacy Policy