Tips to help tax professionals protect client information

from the IRS

Tax professionals are required by law to create a Written Information Security Plan – or WISP – to protect their clients’ data. The IRS and the Security Summit partners have created an easy-to-follow guide that outlines the basics and walks tax professionals through the ins and outs of starting and maintaining a plan.

Creating a WISP

A WISP protects client information most effectively when tailored to the size, scope, complexity and sensitivity of the customer data it handles. A WISP should focus on:

• Employee training and management
• Information systems
• System failure detection and management

WISP requirements

As a part of their security plan, each tax professional needs to:

• Designate one or more employees to coordinate its information security program
• Evaluate the effectiveness of the current safeguards for controlling those risks
• Identify and assess risks to customer information in each relevant area of the company's operation
• Design and implement a safeguards program and regularly monitor and test it
• Contract a service provider that maintains safeguards and handling of customer information

Tax professionals should always be evaluating and adjusting their WISP based on any relevant circumstances or changes or results of security testing and monitoring. For more on security awareness and WISPs, check out the Security Summit summer series.

More information:

• Publication 5708, Creating a Written Information Security Plan for your Tax & Accounting Practice
• Publication 5709, How to Create a Written Information Security Plan for Data Safety
• Publication 5293, Data Security Resource Guide for Tax Professionals