Practice Management Completing your WISP for PTIN renewal Read the Article Open Share Drawer Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window) Written by Jonathan Young Modified Nov 13, 2024 2 min read A Written Information Security Plan (WISP) is required for all PTIN or tax preparers, regardless of how many clients you may have, in conjunction with the FTC Safeguards rule. A well-maintained WISP is not only a requirement under federal law, but an invaluable tool for identifying and mitigating potential security risks in your practice. In this article, we’ll guide you through the essentials of updating your WISP to ensure it aligns with PTIN renewal requirements and the latest security best practices. What should be included in the WISP? When writing your WISP, consider your company’s size, complexity, and scope. A large firm will have a longer, more robust plan than a smaller firm—so there isn’t a one-size-fits-all approach. However, there are three key areas each WISP should include: Employee management and training Information systems and technology Detecting and managing system failures Ensure your WISP covers, and includes, the following elements: Objectives, purpose, and scope of your WISP. Designate who is responsible for creating, coordinating, and implementing your program, as well as list your authorized staff, their responsibilities, and what data they can access. Assess current risks and detail the types of information your firm handles, if you have any areas of potential data loss, and how you monitor and test these risks. List the hardware you use for work and where each piece is located (on the cloud, in your primary office, at a staff member’s home, or other places. Detail your Employee Code of Conduct and your document safety policies, including those for: Data collection, retention, and disclosure. User access on-site and remotely. Network protection, Wi-Fi access, and connected devices. Electronic data exchange. Reportable incidents. Include a signed implementation clause that states when you executed the WISP. Download a free checklist With information such as your clients’ names, Social Security numbers, financial data, and addresses, thieves can steal their identities, file fraudulent tax returns, apply for loans, and more. Use this checklist to confirm your WISP complies with federal requirements and includes recommended details. Get WISP and compliance templates FREE with your SmartVault subscription Sign up to SmartVault’s Unlimited plan, and get access to WISP and compliance templates written by our chief information security officer, as well as unlimited eSignatures, KBAs, storage and more! Sign up for a demo today. Previous Post Consultant Spotlight: John Trammell Next Post Consultant spotlight: Kim Gallahan-Clayton Written by Jonathan Young Jonathan Young is vice president of marketing at SmartVault, and has 15+ years of experience growing businesses through detailed and robust go-to-market strategies. Since joining SmartVault, Jonathan has submerged himself in the accounting industry, learning about current technology trends, analyzing the accounting landscape and understanding compliance regulations to ensure firms are safeguarding their customer information and scaling for growth through process efficiencies. Jonathan prides himself on leading high-performing teams and leveraging data-driven strategies, and driving engagement and revenue growth, while fostering a collaborative and innovative work culture. More from Jonathan Young Leave a Reply Cancel replyYour email address will not be published. Required fields are marked *Comment * Name * Email * Website Notify me of new posts by email. Δ Browse Related Articles Practice Management Top 7 advantages of choosing a firm niche Advisory Services Your firm: Maximizing value over volume Practice Management ProSeries® Tax spotlight: Nayo Carter-Gray, EA, MBA Practice Management Consultant Spotlight: Katherine Weiler Webinars Technology and Your Clients: Dec. 19 Webinars Escalating IRS Correspondence: Dec. 17 Webinars Intuit Hosting Hacks: Dec. 18 Webinars 5 Tips to Automate Tax Season: Dec. 17 Webinars SafeSend + Intuit = Engagement: Dec. 10 Webinars What’s New in ProConnect: Dec. 10