A documented set of policies and procedures describing how your firm protects sensitive client data.
A Written Information Security Program (WISP) is a formal document required by the FTC Safeguards Rule and IRS Publication 4557 that describes how your firm identifies, protects, and manages sensitive client information. It covers administrative, technical, and physical safeguards specific to your firm's operations, including what data you collect, where it is stored, who has access, and what controls are in place to prevent unauthorized access or breaches.
The FTC Safeguards Rule (16 CFR 314) requires all financial institutions, including tax preparers, CPAs, and accounting firms, to maintain a written information security program. The IRS requires tax professionals to have a WISP as a condition of their PTIN. Without one, your firm risks FTC penalties up to $53,088 per violation, loss of your PTIN, and cyber insurance claim denials. Many firms attested to having a WISP during PTIN renewal but do not actually have one documented.
The WISP Generator module handles this for your firm, personalized to your software, team size, and state requirements.
See plans and pricingA federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.
A documented set of procedures your firm follows when a data breach or security incident occurs.
A comprehensive record of all systems, applications, and locations where your firm stores, processes, or transmits client data.
A systematic process of identifying threats to your firm's data and evaluating the effectiveness of your security controls.
Buy the WISP yourself if you need the document.
Talk to us if you want the platform.
We use cookies to measure site performance. No data is sold to third parties. You can opt out at any time. Privacy Policy