A New Data Security Plan for Tax Professionals

The Security Summit partners today unveiled a special new sample security plan designed to help tax professionals, especially those with smaller practices, protect their data and information.

The special plan, called a Written Information Security Plan or WISP, is outlined in a 29-page document that's been worked on by members of the Security Summit, including tax professionals, software and industry partners, representatives from state tax groups and the IRS.

Federal law requires all professional tax preparers to create and implement a data security plan. The Security Summit group – a public-private partnership between the IRS, states and the nation's tax industry – has noticed that some tax professionals continue to struggle with developing a written security plan.

In response to this need, the Summit – led by the Tax Professionals Working Group – has spent months developing a special sample document that allows tax professionals to quickly set their focus in developing their own written security plans.

Security issues for a tax professional can be daunting. The Summit team worked to make this document as easy to use as possible, including special sections to help tax professionals get to the information they need.

A security plan should be appropriate to the company's size, scope of activities, complexity and the sensitivity of the customer data it handles. There is no one-size-fits-all WISP. For example, a sole practitioner can use a more abbreviated and simplified plan than a 10-partner accounting firm, which is reflected in the new sample WISP from the Security Summit group.

Once completed, tax professionals should keep their WISP in a format that others can easily read, such as PDF or Word. Making the WISP available to employees for training purposes is encouraged. Storing a copy offsite or in the cloud is a recommended best practice in the event of a natural disaster.