Tax pros have another tool to use against ID thieves and data breaches: a newly updated Written Information Security Plan from the Internal Revenue Service.
The
The WISP includes several new information updates over the first version, highlighting, for example, best practices for multifactor authentication. It walks users through getting started on a plan, including understanding security compliance requirements and professional responsibilities.
Also included is an outline for a basic WISP and a sample template intended to give tax pros a starting point in understanding and attempting to draft a plan for their practice.
"It's more important than ever for tax pros to protect their data, passwords and other information," said Kimberly Rogers, director of the IRS Return Preparer Office and co-chair of the Summit's Tax Pro Working Group, in a statement. "The updated Written Information Security Plan is a result of months of work by tax professionals across the country. The Security Summit members worked together on this plan to make it easier for all tax professionals to develop a plan and an approach that is right for them."
Tax professionals are required to have a written security plan under federal law and must have it in a written form that's accessible. In addition, it is recommended that tax professionals review, test and update their WISPs.
Tax pros also now need to report any security event affecting 500 or more people to the Federal Trade Commission no later than 30 days from the date of discovery, as well as report the incident to an IRS
"The IRS and the Security Summit partners urge tax pros to stay on top of these evolving threats, and this updated plan is an important part of that effort," said IRS Commissioner Danny Werfel in a statement.
