Drake Software blog for tax pros, covering tax, IRS news, and more

Security Summit Announces New Sample Security Plan

Security Summit Announces New Sample Security Plan

Most tax-season-preparation checklists include updating software, reviewing tax law changes, earning continuing professional education credits, and training seasonal staff. Creating or updating a written information security plan (WISP) is one often-overlooked item that should make everyone's list. After all, tax professionals are required by the Federal Trade Commission’s Safeguards Rule to have one of these plans in place to protect client information.

Try Drake Tax for free! Download now!

Tax pros seeking help with a security plan for their office are in luck. The Internal Revenue Service announced the publication of a 29-page sample WISP by the Security Summit. Issued during the Summit’s “Protect Your Clients; Protect Yourself” educational outreach campaign, this document is the culmination of a months-long effort by the IRS, state departments of revenue, and tax industry.

Drake Software Director of Government Relations Jared Ballew currently serves as co-lead of the Security Summit Tax Professionals Working Group and is the incoming chair of the Electronic Tax Administration Advisory Committee. In the IRS news release, Jared explains that the Summit’s sample is an excellent resource for tax pros who need help creating a written information security plan for their office.

“There's no way around it for anyone running a tax business,” he says. “Having a written security plan is a sound business practice—and it's required by law. The sample provides a starting point for developing your plan, addresses risk considerations for inclusion in an effective plan, and provides a blueprint of applicable actions in the event of a security incident, data losses, and theft.”

It is important to note that this is not a one-size-fits-all document, and—as the WISP itself states—“it is not intended to replace your own research, to create reliance, or serve as a substitute for developing your own plan based upon the specific needs and requirements of your business or firm.” That said, the sample is written in plain language and designed to be flexible, so tax pros can easily adapt it for their office.

In addition to the download, the IRS recommends referencing documents like Publication 4557, Safeguarding Taxpayer Data; Publication 5293, Data Security Resource Guide for Tax Professionals; Identity Theft Central; and Small Business Information Security: The Fundamentals.

Source: IR-2022-147 

Ryan Norton

Whether designing superheroes, penciling caricatures, or just doodling, I always knew I was going to earn some sort of art degree while in college. That was my goal before I decided to trade Edgar Degas for Edgar Allan Poe during a Freshman English class. The BA in English soon morphed into a double-major in English and Philosophy, eventually becoming an MA in English. It only makes sense that I learned of a writing opportunity for a local marketing firm while teaching a first-year college English course. Before I knew it, I was writing and editing tax-related articles for Taxing Subjects, and this has been my home since 2014.