Tax professionals are federally obligated to prepare a Written Information Security Plan (WISP) for their business, the IRS said in a July 29 statement.
The WISP document details an organization’s security controls and is aimed at ensuring that clients’ personally identifiable information is protected from unauthorized access. It lays out actions that must be taken in case of a security incident such as a data breach.
An effective WISP focuses on three key areas—employee management and training, information systems, and detecting and managing system failures, the IRS said.
“The Gramm-Leach-Bliley Act (GLBA) requires all financial institutions to protect customer data. Under this law, tax and accounting professionals are considered financial institutions and must implement a data security plan,” the agency said….