WISP


IRS Mandates Annual Written Information Security Procedures (WISP) for All PTIN Holders


IRS Mandates Annual WISP Compliance for PTIN Holders: Secure Your Practice Today

As a professional tax preparer with a PTIN, safeguarding your clients’ sensitive information isn’t just a best practice—it’s now an IRS requirement. The agency has mandated that all PTIN holders establish and maintain Annual Written Information Security Procedures (WISP) to protect confidential data from cyber threats, identity theft, and unauthorized access.

Why WISP Matters:

  • Stay Compliant: Avoid penalties and maintain good standing with the IRS.
  • Protect Client Data: Strengthen data security to prevent costly breaches and identity theft.
  • Build Trust: Demonstrate your commitment to safeguarding personal and financial information.

Get Started with WISP

We specialize in helping PTIN holders navigate the annual WISP mandate. From drafting customized security policies to implementing best-in-class cybersecurity protocols, our experts ensure you’re fully compliant—so you can focus on providing top-notch tax services.

Ready to Secure Your Practice?
Stay ahead of evolving IRS regulations with a comprehensive Written Information Security Plan tailored to your needs. Contact us today to learn how we can help you meet IRS requirements and protect what matters most: your clients.

Welcome to Your Guide for IRS-Mandated Written Data Security Procedures (WISP)

Annual WISP Requirements: Protect Client Data and Comply with IRS Regulations

The IRS now mandates that all PTIN holders, Tax Preparers, and EROs implement annual Written Information Security Procedures (WISP). This crucial measure ensures your business meets federal compliance standards while safeguarding sensitive client information. A documented WISP reinforces your commitment to protecting Personally Identifiable Information (PII), solidifying trust with clients and regulators alike.


Why Must the WISP Be Written?

A written WISP outlines clear, actionable steps for maintaining data security. By formally documenting protocols, your firm:

  • Ensures every employee understands their responsibilities
  • Demonstrates compliance in the event of an IRS audit
  • Establishes a consistent, repeatable approach to cybersecurity

Do All Employees Need to Sign the WISP?

Absolutely. Every team member must review and sign the WISP to confirm they understand and will follow established security practices. This collective commitment ensures:

  • Unified compliance with IRS regulations
  • Accountability for safeguarding sensitive data
  • Regular updates to keep pace with evolving security threats

Key Roles in Implementing a WISP

Data Security Coordinator (DSC)

The DSC spearheads the creation, implementation, and maintenance of the WISP. Responsibilities include:

  • Conducting risk assessments
  • Ensuring ongoing compliance with data security standards
  • Coordinating employee training and awareness

Public Information Officer (PIO)

The PIO handles communication about your organization’s data security policies:

  • Maintains transparency with clients regarding how their data is protected
  • Addresses concerns or inquiries about data breaches and security incidents

Personally Identifiable Information (PII)

Your WISP must identify and secure all PII collected and handled, including:

  • Social Security Numbers
  • Financial details
  • Contact information (addresses, phone numbers, email)

By proactively detailing how PII is stored, accessed, and protected, you demonstrate a robust commitment to client privacy and IRS compliance.


Stay Compliant and Protect Your Clients
Meeting the annual WISP requirement is more than a regulatory obligation—it’s an integral part of running a secure and reputable tax practice. Make sure your written WISP is comprehensive, up-to-date, and actively enforced to maintain client trust and IRS compliance year-round.


Key Roles in Implementing a WISP

  1. Data Security Coordinator (DSC)
    The DSC oversees the development, implementation, and maintenance of the WISP. This includes conducting regular risk assessments, ensuring compliance with data security standards, and coordinating employee training to address potential vulnerabilities.
  2. Public Information Officer (PIO)
    The PIO handles communication about the organization's data security policies, both internally and externally. This role ensures transparency with clients regarding how their sensitive information is protected and addresses any inquiries or incidents involving data breaches.
  3. Personally Identifiable Information (PII)
    The WISP must identify and secure all PII handled by the organization, including sensitive client data managed by PTIN holders, Tax Preparers, and EROs. PII includes Social Security Numbers, financial details, addresses, and other private information critical to tax preparation.

Protect Your Business and Clients with a Comprehensive WISP

Developing and implementing a WISP is not just a regulatory requirement—it’s a vital step in protecting your business and clients. Appointing a DSC and PIO, training employees, and securing client PII are essential components of staying compliant and maintaining trust. Regularly updating your WISP ensures your business remains resilient against evolving cybersecurity threats.

Start today by creating your IRS-mandated WISP. Stay compliant, protect sensitive data, and build a secure future for your business.

 


Customize your WISP template with 50 fillable agreements, checklists, and documents for only $29. Log in now!

Contact Us for Written Data Security Plan payment processing

Our office

Today Payments Merchant Services
2305 Historic Decatur Road, Suite 100
San Diego, CA 92106