IRS WISP Builder Tool | Documenting IRS WISP Changes for Accountants: What to Keep and How to Track It
Demo
Log in
Resources & News

Documenting IRS WISP Changes for Accountants: What to Keep and How to Track It

September 11, 2025
IRS WISP Builder Tool | Documenting IRS WISP Changes for Accountants: What to Keep and How to Track It

IRS WISP is a “Living” Document

Everyone has a junk drawer in their house filled with odds and ends from kitchen manuals to batteries to random keys and cords.  If you are brave enough to clean out your junk drawer, chances are that you will find that the majority of items tucked away inside it are obsolete and end up in the trash.  This goes to show that when you file away something with the intent of it being “out of sight, out of mind”, it’s forgotten. A Written Information Security Plan, or WISP, is too important to be forgotten.  The risks are too high with data breaches on the rise and the threat of non-compliance penalties brewing at the IRS.  This is why you can’t just create a WISP, stick it in a drawer, and forget about it if you want a worry-free life.  As a WISP is “living” document, you must regularly update it with changes in personnel, technology, or business processes at least annually, and more often for large firms. Making sure that you are documenting these changes is also important to keep security top of mind and stay compliant.

Why should you record document changes to your WISP?

Because its IRS-mandated.

No one relishes additional complications of proving compliance to the IRS if they are unprepared for an audit or response to a data breach.  This is why it’s critical to not only make the required annual updates to maintain your WISP, but also to document changes to show your firm’s commitment to transparency and proactiveness. Plus, when your company is detailed in its documentation you will help new employees get up to speed quickly. Consistent updates and documentation keeps your security plan up-to-date and effective, proves compliance efforts, and supports employee training – keeping security top of mind for all!  Plus, it consistently provides risk management for your security plan.

Are you confused with revisions on your IRS WISP?

Here’s a list of what documents to keep and store when updating your WISP:

1. Your original Written Information Security Plan (WISP), all revisions with clear dates including an explanation of the changes made and who made it, and the currently approved WISP.  These revisions will be crucial documents to help prove your compliance after a data breach.  

2. Employee training records that review the security plan including details such as the date of the training, who participated, what materials were used, and signatures to prove completion.  Not only does this step help compliance, but it also helps keep your employees on the same page and in the know when it comes to security.  WISP Builder makes training and gaining authorization signatures easy and digital.  

3. Security incident and response logs to track each incident, when it was detected and reported, steps taken to resolve it, and the outcome.  This maintenance and tracking helps you effectively maintain your WISP with evolving threats.  

4. Access control to help prevent unauthorized access or a data breach.  Track who has access to what including any changes or terminations made to staff.  Access control is important to review and update on a regular basis.  

5. Regular risk assessments are what WISPS are built around.  These insights help you to create a thorough and up to date security plan.  Keep track of when the assessments were made, the findings, and any recommended updates.

Best practices in tracking and storing changes to your IRS WISP

  • Keep all WISP-related files secure and organized in one place.  
  • Ensure that the most recent version of the updated WISP has been signed off on and is active.
  • Have a clear audit trail for any revisions. 
  • Set reminders to annually update your WISP. 

WISP Builder makes these best practices easy to follow by housing all documents, signatures, and reminders in one place.  

Does WISP Builder make it easy?

Maintaining your WISP manually can be overwhelming, but yes, WISP Builder makes the whole process easier.

WISPBuilder helps you to: 

  • Create, maintain, and store your WISP 
  • Track changes and store detailed documentation automatically
  • Schedule annual reviews
  • Store training records, incident logs, and risk assessments – all in one place

As we explained, an IRS WISP is a living document, so don’t stick it in a drawer only to be forgotten. 

Keep it top-of-mind and up-to-date by creating and maintaining your WISP using the WISP Builder tool.  Once you’ve used WISP Builder to create your security plan it will automatically remind you to make updates at least annually. 

And the best part is that maintaining and documenting the updates to your WISP will take you less time than it does to clean out that junk drawer.

Accountantsdata breach preventionData Security PlanIRS RegulationsIRS WISPPTIN RenewalSecurity PolicyTax ProfessionalWISP Compliancewritten information security plan
Previous
How to Keep Your WISP Compliant in a Changing World
Next
Complete An IRS WISP Review Annually: A Step-by-Step Guide
Trustpilot