Skip to main content



A special new sample security plan designed to help tax professionals, especially those with smaller practices, protect their data and information, has been developed by the Security Summit.

The special plan, called a Written Information Security Plan or WISP, is outlined in a 29-page document that's been worked on by members of the Security Summit, including tax professionals, software and industry partners, representatives from state tax groups and the IRS.

Federal law requires all professional tax preparers to create and implement a data security plan. The Security Summit group – a public-private partnership between the IRS, states and the nation's tax industry – has noticed that some tax professionals continue to struggle with developing a written security plan.

In response to this need, the Summit – led by the Tax Professionals Working Group – has spent months developing a special sample document that allows tax professionals to quickly set their focus in developing their own written security plans.

"Tax professionals play a critical role in our nation's tax system," said Carol Campbell, director of the IRS Return Preparer Office and co-lead of the Summit tax professional group. "But for many tax professionals, it is difficult to know where to start when developing a security plan. The Summit members worked together on this guide to walk tax pros through the many considerations needed to create a Written Information Security Plan to protect their businesses and their clients, as well as comply with federal law."

Each year, the Security Summit partners highlight a "Protect Your Clients; Protect Yourself" summer campaign aimed at tax professionals. This is the fourth in a series of five tips for this year's effort. These are issued each Tuesday to coincide with the Nationwide Tax Forums, which help educate tax professionals on security and other important topics.

There are many aspects to running a successful business in the tax preparation industry, including reviewing tax law changes, learning software updates and managing and training staff. One often overlooked but critical component is creating a WISP.