WISP Builder is a web-based tool designed to help tax and accounting professionals create, manage, and maintain an IRS-compliant Written Information Security Plan (WISP). It simplifies the process of meeting IRS and FTC cybersecurity requirements using guided templates and secure digital tools.
Any business that handles sensitive client information—especially tax preparers, accountants, and financial professionals—is required by the IRS and FTC to have a Written Information Security Plan in place.
Yes. WISP Builder is specifically designed to meet the requirements outlined in IRS Publication 5708 and the FTC Safeguards Rule, helping you stay compliant and avoid penalties.
By guiding you through the creation of a comprehensive security plan, WISP Builder helps identify and mitigate risks to client data, reducing the likelihood of data breaches and ensuring regulatory compliance.
Absolutely. WISP Builder provides a flexible template that you can tailor to the size, structure, and specific needs of your business.
Failure to implement a WISP can result in fines, penalties, and increased risk of data breaches. It may also jeopardize your ability to legally operate under IRS and FTC guidelines.
Yes. WISP Builder includes training resources to ensure your team understands and adheres to your security plan.
Sign up to begin building your IRS-compliant WISP today.
Yes. Once you sign up, an account administrator can add or remove users. If you exceed the number of users in your contract plan, you will automatically be moved to the next plan level.
Yes. The administrator is the only one who can add or delete users and establish which parts of WISP Builder they have access to.
No. Acknowledgement and review of the plan is a required function of an IRS WISP, so when employees need to review and acknowledge your published plan, they do so electronically. These users are not given permanent logins unless you set them up.
Of course. Given the nature of the service, however, the annual fee is not refundable, so you can keep using the tool until you move your service elsewhere.
A Written Information Security Plan (WISP) is a documented framework that outlines how your accounting or tax preparation business protects sensitive client data from unauthorized access, use, or disclosure. It includes policies, procedures, and safeguards to meet IRS Publication 4557 and FTC Safeguards Rule requirements. For tax preparers, a WISP is a compliance and cybersecurity necessity—not just a best practice.
Yes. The FTC Safeguards Rule and IRS Publication 4557 require all tax preparers, accountants, and firms—whether you’re a solo practitioner or a large multi-office operation—to have a current and compliant WISP in place.
While the IRS has long recommended data protection, the FTC Safeguards Rule updates effective June 9, 2023, made a written security plan a mandatory compliance requirement for all tax preparers.
The main goal is to protect sensitive taxpayer data, maintain regulatory compliance, and reduce the risk of data breaches. A WISP ensures your business can detect, respond to, and recover from cybersecurity incidents.
A WISP helps tax professionals comply with:
A risk assessment involves:
Safeguards are the measures you put in place to protect client information. Examples include encryption, firewalls, multi-factor authentication, locked file cabinets, restricted user access, and secure shredding of physical documents.
The Incident Response Plan is typically included within your WISP. It outlines steps to take if a data breach occurs—who to contact, how to contain the breach, and required notifications.
Employees must be trained on identifying phishing attempts, handling sensitive information securely, following internal policies, and reporting suspicious activity. Training should be documented and conducted at least annually.
Templates can help you start, but the FTC requires your WISP to be customized to your firm’s size, services, and risks. WISPBuilder.com creates customized, IRS-compliant plans tailored to your operations.
At least annually—or sooner if there are major changes to your technology, staff, or regulatory requirements. Many firms review quarterly to stay ahead of threats.
This should be a knowledgeable person within your firm (or an outsourced professional) who oversees data security, vendor management, and compliance with your WISP. If you are a sole owner, you will fill all roles.
Include vendor compliance verification in your WISP. Request proof of security measures, review contracts for data protection clauses, and ensure they meet IRS and FTC standards.
Keep records of:
The IRS may request to review your WISP during an audit or security-related inquiry. They will check for required components, recent updates, and proof of training and incident response planning.
Penalties can include fines, loss of e-file privileges, reputational damage, and in severe cases, legal action. For accountants, the risk of losing client trust is equally significant.
No plan can guarantee zero breaches, but a WISP greatly reduces your risk and limits damage. It also demonstrates compliance, which is critical in mitigating penalties if an incident occurs.
Yes. Software providers secure their platforms, but your firm is still responsible for how client data is accessed, stored, and transmitted within your environment.
No filing is required. However, you must have a documented plan readily available for inspection during audits or investigations.
Your WISP should include policies for secure remote access, encrypted devices, VPN usage, and data handling procedures outside the office.
Include vendor security vetting, strong authentication methods, encrypted data transfers, and regular backups.
Most cybersecurity insurance providers require proof of data protection measures, including a WISP, to approve coverage or process claims.
Using a generic template without customization
Failing to review and update regularly
Overlooking vendor compliance
Not training employees consistently
You can access WISP templates, compliance checklists, and expert guidance at WISPBuilder.com — the easiest way for tax professionals to build and maintain an IRS-compliant Written Information Security Plan.