A WISP is a comprehensive and tailored document that covers all aspects of your tax practice’s data security, from risk assessment and employee training to physical and electronic safeguards and incident response plans. A WISP should be appropriate to the size, scope, and complexity of your business, and should be reviewed and updated regularly to reflect changes in your operations or the threat landscape.
Creating a WISP may seem daunting, but it does not have to be. You can use the sample template provided by the IRS in Publication 5708, Creating a Written Information Security Plan for Your Tax & Accounting Practice, as a starting point. This template was developed by the Security Summit, a public-private partnership between the IRS, state tax agencies, and the tax industry, to help tax professionals, especially those with smaller practices, develop their own WISPs. The template includes examples and explanations of each section of a WISP, and allows you to customize it to suit your specific needs and circumstances.
Having a WISP is not only a legal requirement, but also a sound business practice. A WISP can help you protect your clients’ data and trust, prevent costly breaches and penalties, and comply with industry standards and best practices. A WISP can also help you document your data security efforts for potential cyber insurance providers, regulators, or auditors.
Don’t wait until it is too late to create your WISP. Take advantage of the resources available from the IRS and the Security Summit, and start working on your WISP today. Your clients, your business, and your reputation will thank you.
