A starting-point document for a Written Information Security Plan, useful as a structural outline but never sufficient as a finished WISP.
A WISP template is a generic outline of policies and procedures intended as a starting point for a firm's own Written Information Security Plan. The IRS publishes a sample WISP within Publication 4557. Industry associations and vendors publish other templates. A template provides structure but does not by itself constitute a compliant WISP because it does not reflect the specific systems, vendors, data flows, or risks of any particular firm. The FTC Safeguards Rule requires a WISP based on a documented risk assessment, which is firm-specific by definition.
Templates are valuable for organizing the work, but firms that adopt a template verbatim without tailoring it run two risks. First, the WISP describes controls the firm does not actually operate, which creates evidence of misrepresentation in a regulatory inquiry. Second, the WISP misses controls the firm does operate, which fails to give the firm credit. A working WISP must be tailored to your tax software, your data inventory, your team size, and your state breach notification obligations.
The WISP Generator module handles this for your firm, personalized to your software, team size, and state requirements.
See plans and pricingA documented set of policies and procedures describing how your firm protects sensitive client data.
IRS guidelines outlining data security requirements and best practices for tax professionals handling taxpayer information.
A federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.
Buy the WISP yourself if you need the document.
Talk to us if you want the platform.
We use cookies to measure site performance and improve your experience. No data is sold to third parties. Privacy Policy