The Internal Revenue Service and its Security Summit partners have created a written information security plan that walks tax professionals through how to get started on a plan, which they are legally required to have to protect clients' data.
A WISP protects client information most effectively when tailored to the size, scope, complexity and sensitivity of client data, according to the IRS, which adds that a plan should focus on employee training and management, information systems and system failure detection and management.
As a part of their security plan, each tax professional needs to:
- Designate employees to coordinate information security.
- Identify and assess risks to client information in each area of the practice.
- Evaluate current safeguards.
- Design and implement a safeguards program and regularly monitor and test it.
- Contract a service provider that maintains safeguards and handling of customer information.
WISPs need constant evaluation and adjustment based on circumstances, changes in the practice or the results of testing and monitoring.
The IRS recently introduced a
For more, see the
