Regular training for all employees on recognizing phishing, handling client data safely, and following the firm's security policies.
Security awareness training is recurring training delivered to all firm personnel (including seasonal preparers) on common threats and the firm's policies. The FTC Safeguards Rule requires it under 16 CFR 314.4(e), and IRS Publication 4557 reinforces it. Training typically covers phishing recognition, password and MFA practices, safe handling of client data, secure transmission, physical security, and incident reporting procedures. Every session should be logged with date, attendees, topics, and signed acknowledgments.
Training without documentation is training that did not happen as far as the FTC is concerned. The most common compliance gap in this area is informal verbal training that leaves no paper trail. New hires are 71 percent more likely to fall for phishing in their first 90 days, so training must happen before, not after, they get system access. Seasonal staff must be trained too.
The Compliance Academy Training module handles this for your firm, personalized to your software, team size, and state requirements.
A federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.
A documented set of policies and procedures describing how your firm protects sensitive client data.
Technical and administrative measures that limit who can access which systems and data, based on the principle of least privilege.