Tag: Form W-12

An IRS WISP: Your PTIN is Riding on It

Posted on by Writing for Results

IRS WISP: Protect Your PTIN

An IRS WISP: No Longer Optional

2024 PTIN Renewal Season Is Underway

If you prepare or assist in preparing federal tax returns for compensation, you must have a valid 2025 PTIN before preparing returns. If you are an enrolled agent, you must also have a valid PTIN.  What you also must have is an IRS WISP.  If you checked number 11 on your Form W-12 Renewal, Data Security Responsibilities, and you have a WISP in place, you are compliant.  If you inadvertently checked it but don’t have one or you knowingly checked it but don’t have one, read on.  

What Difference Does It Make If I Don’t Have an IRS WISP?

While it is unlikely you would serve jail time, you could be risking your PTIN and it could be costly as well:

Compliance with the Gramm Leach Bliley Act (GLBA Law) mandates that financial institutions safeguard their customers’ non-public personal information (NPI). 

The penalties for Gramm Leach Bliley Act non-compliance can be significant. GLBA privacy rules are enforced by state attorneys general and the Federal Trade Commission (FTC). Each violation penalty can vary from $100 to $100,000 per day.

If found guilty of willful or careless disregard for GLBA regulations, people and organizations may also be subject to criminal prosecution, fines, and possibly jail time. Comprehensive risk assessments, policies, and ongoing staff training are necessary for effective compliance.  

Contact us About Our IRS WISP 

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam eu dignissim tortor, sit amet bibendum lacus. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam eu dignissim tortor, sit amet bibendum lacus.

Whether you are trying to meet the 12/31 deadline or just meet the PTIN requirement, Contact us About Our Compliant IRS WISP 

Our IRS WISP Ensures Compliance

We create custom IRS WISPs for business of all sizes.   Each one is company-specific. This document protects you and it protects your clients and it protects you.  The information below contains not only the IRS requirements or WISP content but the elements in our IRS WISPs that make them exceptional, compliant and comprehensive.
Content Customized For Your Company
Automatic Network Asset Discovery
Risk Assessment and Recommendations
WISP Summaries for Clients and Employees

IRS WISP Requirements

A Written Information Security Plan (WISP) is a valuable asset for organizations for several key reasons:

  • Define the WISP objectives, purpose, and scope
  • Designate a qualified individual
    -List the qualified individual who will coordinate the security programs as well as responsible
    persons.
    -List authorized users at your firm, their data access levels, and responsibilities.
  • Assess Risks
    -Identify Risks
    ▪ List types of information your office handles
    ▪ List potential areas for data loss (internal and external)
    ▪ Outline procedures to monitor and test risks
  • IT Asset Inventory
    -List description and physical location of each item
    -Record types of information stored or processed by each item
  • Document Safety Measures in place
    -Suggested policies to include in your WISP:
    ▪ Data collection and retention
    ▪ Data disclosure
    ▪ Network protection
    ▪ User access
    ▪ Electronic data exchange
    ▪ Wi-Fi access
    ▪ Remote access
    ▪ Connected devices
    ▪ Reportable Incidents
    -Draft Employee Code of Conduct
  • Draft an implementation clause
  • Attachments

Why Our IRS WISP?

Our IRS WISPs contain all of requisite content listed in the adjacent column.   But ours differ from other offerings because a comprehensive, custom document results from as little disruption to your operation as is possible.   These are some of the features of our IRS WISPs.

  • Automatic Network Asset Discovery: Unless you have IT Network Administrator on your staff, finding the IT assets on your network can be difficult.  We have created a way to enable you to do this easily and with no network architecture knowledge required, if you have fewer than 100 assets.  This is usually time-consuming and can be of questionnable accuracy.  It can be tedious enough, in fact, that this critical element is just skipped.
  • Risk Assessment and Recommendations: Once we receive your answers to our questionnaire and the results from your IT Asset Discovery, we will do a risk assessment and make risk mitigation revcommendations for inclusion in your WISP. 
  • Content Customized for Your Company: Whatever the size and nature of your praactice, we create a customized WISP based on your location, your size, your clientele, and how you operate.
  • WISP Summaries for Clients and Employees:  WISP summaries enable you to share with clients and employees the parts of your WISP that are most pertinent to them.  Not all elements of your WISP need to be shared with your clients.  We will create one-page summaries for clients and employees that will provide them with the information they need to have at hand–with the understanding that they can always obtain more if they have questions.

Once you have placed your order, we will get you started with a questionnaire and your IT asset discovery.  

The New Version of IRS Publication 5708

In August, the IRS released an update to Publication 5708Creating a Written Information Security Plan for your Tax and Accounting Practice. In News Release IR-24-208, the IRS notified tax professionals of two significant changes.

  1. A requirement to implement multi-factor authentication
  2. The need to report any “security event” that affects 500 or more people
Order Your IRS WISP 

IRS deadlines are approaching but the imperative for a comprehensive WISP is already here.  Protect yourself and your clients from a devastating, expensive breach of any kind.