Tips to help tax professionals protect client information
July 22, 2025
Tax professionals are required by law to create a Written Information Security Plan – or WISP – to protect their clients’ data. The IRS and the Security Summit partners have created an easy-to-follow guide that outlines the basics and walks tax professionals through the ins and outs of starting and maintaining a plan.
Creating a WISP
A WISP protects client information most effectively when tailored to the size, scope, complexity and sensitivity of the customer data it handles. A WISP should focus on:
- Employee training and management
- Information systems
- System failure detection and management
WISP requirements
As a part of their security plan, each tax professional needs to:
- Designate one or more employees to coordinate its information security program
- Identify and assess risks to customer information in each relevant area of the company's operation
- Evaluate the effectiveness of the current safeguards for controlling those risks
- Design and implement a safeguards program and regularly monitor and test it
- Contract a service provider that maintains safeguards and handling of customer information
Tax professionals should continually evaluate and adjust their WISP based on any relevant circumstances or changes, or on the results of security testing and monitoring. For more on security awareness and WISPs, check out the Security Summit summer series.