TPN Rewind: IRS WISP Requirements


There may not be significant new tax legislation coming down the pipeline this tax season compared to the last two years. The IRS is not giving practitioners a break, though. Written security plans are required to be in place for anyone with a PTIN. See IRS Publications 4557 and 5708.

The requirements for written information security plans (WISP) came out in August of this year following the “IRS Security Summit.” The IRS currently offers a 29-page document in publication 5708 detailing the requirements of practitioners, including a template to use in building your own plan.

Tech4Accountants also recently released a free and comprehensive template that can be found HERE:

If you are looking for more support in ensuring that your plan was built well and within the guidelines of the new requirements, Tech4Accountants also is offering varying levels of consulting support.

In truth, practitioners should have long had these plans in place, given that our files contain much protected personal information in other industries governed strictly by HIPPA laws. The daunting task of IT, though, can sometimes be prioritized behind our workloads. The plans focus on security, such as requirements for 2FA and password protections, and best practices should a disaster or security breach occur.

Part of the plan’s checklist also includes an insurance assessment. This should encourage many of us to look at whether or not we are properly insured against a cybersecurity threat.

The IRS security summit team was quoted as saying, “We have tried to stay away from complex jargon and phrases so that the document can have meaning to a larger section of the tax professional community,” Campbell says. “It is not intended to be the final word in Written Information Security Plans, but it is intended to give tax professionals a place to start in understanding and attempting to draft a plan for their business.”

While its unclear what the consequences are if a firm doesn’t immediately pass all the sections of the plan, it is clear that the expectation is all practices begin the minimum step of completing the checklist and writing a plan to address any potential failures.

Like what you’re reading?

Subscribe to our FREE newsletter and we’ll deliver content like this directly to your inbox.