IRS WISP Annual Review: A Step-by-Step Guide
Think of an annual IRS WISP review like your annual doctor’s visit.
You may not like going to the doctor, but you still go, because you know the power of prevention and health maintenance. Discovering a smaller issue early is a much better situation than finding a major issue later.
You probably do not think about your IRS WISP every day, but missing your annual IRS WISP update could mean you’re not noticing issues until it’s too late – like with a data breach, an audit that ends in non-compliance, or a large penalty from the IRS.
Just like when your doctor checks your vitals and suggests changes in your lifestyle, your annual IRS WISP review checks your cybersecurity plan for new risks and changes in personnel to determine whether your systems need any adjustments.
Initially, creating a WISP does make you compliant with the IRS, but many fail to understand that it doesn’t keep you compliant long term. To stay compliant, you are required to update your WISP annually, or if there are changes in personnel.
That’s why we’ve created this step-by-step annual IRS WISP review checklist: to give you a specific action plan to stay compliant and reduce your risk.
Accountants and Tax Preparers are confused about what is really required in an IRS WISP
We bet you found the free IRS template online. It may be free, but we bet you are overwhelmed looking at it with everything else you need to do at this moment. A few questions to ponder:
- What is the opportunity cost of you DIYing the IRS WISP?
- Isn’t your time better spent improving client retention and finding new clients – perhaps with Practice Panda?
- Are you a cybersecurity expert who can do it fast and accurately?
- Will the free IRS WISP template online remind you to stay compliant and make collaboration with your IT easy?
Confusion about what the IRS would even consider compliant is running through the heads of so many tax accountants. As a result, accounting and tax firms that wrote their IRS WISP last year are now wondering whether they really do need to update it.
You absolutely should know that the IRS requires anyone who handles personal private information, including both larger firms and solo accountants, to create and maintain a WISP. And while the IRS does offer that free WISP template, it doesn’t provide helpful direction on how to store, test, secure, collaborate on, or update your plan to stay consistently compliant.
An annual IRS WISP review is now something that you should build into your practice, just like your time spent preparing for tax season. Here is a checklist you can use to cover all of your bases.
8-Step Checklist for Your IRS WISP Review:
Step 1: Confirm the “IRS WISP Owner”. Your WISP requires a designated security coordinator who acts as the person responsible for maintaining and overseeing your security plan. Every year, be sure to confirm who the responsible party will be and update their contact info in your WISP / cybersecurity plan. If the firm has grown considerably, decide if the current security coordinator is a good fit, or if changes need to be made.
Step 2: Review data access. Review all locations where data is stored, such as cloud systems, local servers, external drives, and filing cabinets. Review who has access to the information and whether changes need to be made, and document any updates in your WISP.
Step 3: Evaluate your cybersecurity risk assessment. Take the time to evaluate any new risks that have arisen within the past year. This could include changes in remote access, new software or systems, phishing attempts, and new cybersecurity threats on the rise. Consider whether your passwords, firewalls, and backups are still working for you.
Step 4: Review vendors and third parties. Review vendors like cloud-based tax software, payroll processors, or IT contractors who are part of your data security plan, and have these vendors sign off on your IRS WISP for proof of acknowledgement.
Step 5: Test your system and train your team. Run a mock data breach to test and train your staff while providing an updated WISP to all team members. If you are a solo accountant, run through a mock data breach test on your own. Include the date and details of the training sessions in your WISP for proof of compliance.
Step 6: Ensure physical security is in place. Review locks, alarm systems, shredding policies, and screen visibility. Make updates to your WISP with any new equipment or changes in location.
Step 7: Review and document backups and encryption. Data backups should be automatically encrypted and tested regularly. Anything portable like laptops, cell phones, or USBs should also be encrypted and password-protected. Update your WISP with the specific cybersecurity protocol around backups and encryption, and note any tools used to help protect data here.
Step 8: Document everything. This is the step that so many firms forget. To stay compliant, your IRS WISP needs to be updated annually with documentation confirming that you took the time to effectively review these steps. In the case of an audit, showing the IRS that you have detailed documentation to prove that you have actively updated your WISP every year can make a big difference.
WISP Builder helps make your annual IRS WISP review easy and efficient
Here’s what you will find inside the WISP Builder tool to help you make this annual IRS WISP review less painful and erase the burden of wondering if you really are compliant.
- Fully IRS-compliant online collaboration tool to create your WISP
- Annual automatic reminders for reviews and training
- Automatic documentation of updates and reviews
- Templates to help you assess cyber risk and policies
- Secure, cloud-based storage for your IRS WISP and supporting documents
WISP Builder makes creating and maintaining your IRS WISP simple.
We take away the worry that so many tax pros have around compliance. Just like an annual physical, your annual IRS WISP review gives you peace of mind with preventative measures for you and your clients.
In the case of an audit or data breach, your IRS WISP will be your first line of defense. Will yours be updated and ready to prove your IRS compliance?
Taking the time to correctly create and annually review your WISP with our fully compliant online collaboration tool can prevent hours of stress down the road.
Ready to do your WISP annual checkup?