A documented set of policies and procedures describing how your firm protects sensitive client data.
A Written Information Security Program (WISP) is a formal document required by the FTC Safeguards Rule and IRS Publication 4557 that describes how your firm identifies, protects, and manages sensitive client information. It covers administrative, technical, and physical safeguards specific to your firm's operations, including what data you collect, where it is stored, who has access, and what controls are in place to prevent unauthorized access or breaches.
The FTC Safeguards Rule (16 CFR 314) requires all financial institutions, including tax preparers, CPAs, and accounting firms, to maintain a written information security program. The IRS requires tax professionals to have a WISP as a condition of their PTIN. Without one, your firm risks FTC penalties up to $46,517 per violation, loss of your PTIN, and cyber insurance claim denials. Many firms attested to having a WISP during PTIN renewal but do not actually have one documented.
The WISP Generator module handles this for your firm, personalized to your software, team size, and state requirements.
See Plans & PricingA federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.
A documented set of procedures your firm follows when a data breach or security incident occurs.
A comprehensive record of all systems, applications, and locations where your firm stores, processes, or transmits client data.
A systematic process of identifying threats to your firm's data and evaluating the effectiveness of your security controls.
Plans starting at $99/mo · Billed annually
We use cookies to measure site performance and improve your experience. No data is sold to third parties. Privacy Policy