A new written information security plan (WISP) template has been issued by the IRS to help protect tax professionals, especially smaller practices, against continuing threats from identify thieves and data breaches. (IR-2024-208) Federal law requires that tax professionals have a WISP and they must affirmatively declare that they have one when they renew their PTIN each year. This new template can be used by tax professionals to meet this mandate.
The new version of the WISP includes several new information updates since the first version came out, including best practices for implementing multi-factor authentication for any individual accessing any information system.
The updated WISP, which is contained in IRS Publication 5708, Creating a Written Information Security Plan for your Tax & Accounting Practice, is available at:
www.irs.gov/pub/irs-pdf/p5708.pdf
The IRS also reminds tax professionals that they must report a security event affecting 500 or more people to the Federal Trade Commission (FTC) as soon as possible, but no later than 30 days from the date of discovery. This is in addition to reporting the incident to an IRS stakeholder liaison and state tax authorities. Stakeholder Liaison contact information is available at:
www.irs.gov/businesses/small-businesses-self-employed/stakeholder-liaison-local-contacts
Sign up for Spidell’s 2024/25 Federal and California Tax Update and see why more than 18,000 tax pros choose Spidell each year. Click here for details.