//IRS WISP & GLBA Compliance

WRITTEN INFORMATION SECURITY PLAN.

The IRS requires every paid tax preparer to maintain a written information security plan (WISP). Simply IT produces the document, implements the safeguards, and runs the program — mapped to FTC Safeguards Rule + GLBA so one implementation serves multiple audits.

Pub 5708 + Pub 4557 aligned. No long-term contracts — 90-day notice. Local Florida team.

Get a WISP Readiness Check
Call Now: (352) 723-5003
//What's in a WISP

SIX CORE ELEMENTS IRS REQUIRES.

1. Designated Security Coordinator

A named individual responsible for the WISP. Documents who owns the program, signs the policy, and gets called when an incident happens. Required by Pub 5708 and FTC Safeguards.

2. Risk Assessment

Written assessment identifying foreseeable risks to client data — internal threats, external threats, system failures. Reviewed annually and after any material change to your tooling.

3. Safeguards (Access, Encryption, MFA)

Access control with least-privilege, encryption at rest + in transit, MFA on every account that touches taxpayer data, secure file-transfer + portal use, anti-malware + EDR.

4. Service Provider Oversight

Written contracts and due-diligence procedures for software vendors, cloud providers, e-filing systems, and IT providers. Includes a documented data-flow diagram.

5. Incident Response + Breach Plan

Documented procedure for detection, containment, IRS notification (e-Services Quick Alerts + Stakeholder Liaison), state notification (FIPA 30-day clock), and client notification.

6. Employee Training + Program Updates

Annual cybersecurity training for everyone with access to taxpayer data, signed acknowledgments, plus periodic program reviews. Documented in the WISP itself.

//Who It's For

FLORIDA TAX + FINANCIAL PROFESSIONALS.

Tax Preparers + PTIN Holders
IRS Pub 5708 and Pub 4557 require every paid tax preparer to have a written WISP. The IRS treats this as the minimum bar; failure to maintain one is a Circular 230 exposure.
CPA Firms + Accounting Practices
GLBA + FTC Safeguards Rule (2023 update) apply to most accounting firms. A WISP often serves double duty as the InfoSec program required by Safeguards.
Financial Advisors + Bookkeepers
Anyone handling client financial data — bookkeepers, financial planners, insurance agencies — falls under GLBA. WISP + FTC Safeguards alignment is the standard.
//Why Simply IT

WISP DONE BEFORE TAX SEASON.

Document-Ready WISP

We produce a written WISP tailored to your firm — not a generic Word doc. References Pub 5708 elements, identifies your specific safeguards, lists your real vendors. Auditor- and IRS-ready.

Maps to FTC Safeguards Rule

Same controls satisfy both the IRS WISP requirement AND the FTC Safeguards Rule. One implementation, two compliance outputs. We also produce both written programs.

Tax-Season-Ready Incident Plan

Tax season makes a bad time worse. Our IR plan covers IRS e-Services notification path, state AG notification, client comms templates, plus a documented client-data inventory.

IT'S SIMPLE

YOUR WISP, READY FOR THE IRS.

Written plan + implemented safeguards + IR plan — mapped to FTC Safeguards + GLBA.

READY TO GET STARTED?

Talk to a Simply IT specialist about your WISP + FTC Safeguards alignment — no obligation.

Or call us directly: 352-723-5003