Here we are… literally almost two months away from the IRS opening up PTIN renewal in October.
It’s the perfect opportunity to make sure you are ready to hit the ground running. Given the routine nature of the post-tax season for many, it’s easy to be complacent, which can lead to things being overlooked, such as the IRS requirement to have a Written Security Plan in place. That’s right… once you renew your PTIN with Form W-12, the IRS requires you to have that plan in place.
In case you need a refresher, here are the requirements as set out by the IRS:
- Pick one or more employees to coordinate the information security program.
- Identify the risks to customer information.
- Evaluate the safety measures for controlling these risks.
- Design and implement a safeguards program.
- Select service providers that can maintain proper safety measures.
- Make sure the contract requires the provider to maintain safety measures, and oversee their handling of customer information.
- Regularly monitor and test the program.
- Change the security program as needed. This should happen if any part is outdated, or when employees leave or join the company.
There’s still time for your firm to meet the IRS requirements for a written security plan before you renew your PTIN. Many firms don’t have a specific written plan that meets the criteria that the IRS is looking for. Tax software has excellent security features, but the IRS is looking for a current Information Security Plan based on a Risk Assessment as per the FTC/GLBA (Gramm-Leach-Bliley Act) Safeguards Rule, which isn’t covered by tax software alone.
This rule states that your firm is required to conduct a thorough and accurate Risk Assessment, which provides the basis for a detailed Information Security Program (ISP). The ISP must be clearly documented in writing in order to comply. Failure to do so can be considered a violation of the Tax Code and can result in hefty penalties, including imprisonment for up to five years, steep fines (up to $100,000 for each violation, with officers and directors potentially being fined up to $10,000 for each violation), or both. This is nothing to mess around with!
Establishing a plan that covers the requirements is relatively easy, especially if you use a third-party service that handles the details for you. There are third-party services, such as Securex, that specialize in providing accounting firms with exactly what they need, in the right format, to satisfy the IRS guidelines for a written security plan. Also, check with your tax software provider: some of the software companies are offering this as a service, though most do not.
You can reduce the risk for your firm and your clients by getting your written security plan in place in time for PTIN renewal! Having a written security plan in place is not only smart practice for your firm, but it also will limit your risk of exposure to IRS fines and penalties (not a good look for any tax practitioner!), and doing so can provide a critical layer of trust and peace of mind for your clients. As a trusted tax professional, it is your fiduciary duty to protect their sensitive personal and financial data to the fullest extent possible. At its core, this is what the IRS Written Security Plan requirement is all about.
Take advantage of this window of opportunity before PTIN renewal to get on top of all of the responsibilities and requirements that come with your professional credentials. Take two hours in the next few days and get your written security plan completed and filed with your PTIN documentation. You’ll have peace of mind and a higher level of security, and your clients and their data will be better protected, too.