WISP DIY – Pt. 1

Written by Daniel Curry

January 4, 2023

In 2016 the IRS and the NIST released a list of strongly recommended security processes.  Recently, a part of this list, specifically known as the Written Information Security Plan (WISP), has become mandatory by the IRS for PTIN renewal. 

As an I.T. Services Provider, I strongly recommend hiring a technology expert to create the WISP for most organizations that need it.   But this is not always an option. 

To help those organizations where having the WISP created for them is not an option, here is a series of articles to help those CPA and Tax firms that want to take a more DIY (Do-It-Yourself) process.

Starting the DIY process of creating a WISP will require attention to detail and research as well as investigation on the systems used by those processing taxes for clients.

First, let’s define WHAT the IRS is wanting. 

The IRS is wanting, as an attorney client called it, a ‘near affidavit’ of the implementation of cybersecurity best practices.  This being a signed document, attached to the PTIN  renewal forms and process, makes it a binding document of compliance.

The best practices to be focused on include limiting access to staff, forbidding access to sensitive data to anyone NOT staff, and other steps or processes to ensure sensitive data is limited and protected.

The next installment will begin diving into these steps. 

Divi Meetup 2019, San Francisco

Related Articles

Stay Up to Date With The Latest News & Updates

Access Premium Content

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque

Join Our Newsletter

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque

Follow Us

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque