As we enter 2025, the Written Information Security Plan (WISP) requirements for tax professionals have never been clearer — or more strictly enforced. Whether you're creating your first WISP or updating an existing one, this comprehensive guide covers everything you need to know.
The Dual Mandate: IRS + FTC
Tax professionals face compliance requirements from two federal agencies. The IRS requires a WISP under Publication 4557 and the Gramm-Leach-Bliley Act. The FTC's amended Safeguards Rule (effective June 2023) adds specific technical requirements including encryption, MFA, access controls, and annual penetration testing for firms handling data of 5,000+ customers.
What Your WISP Must Include
A compliant WISP in 2025 must address these key areas:
- Designation of a qualified security coordinator
- Comprehensive risk assessment documenting all threats to client data
- Specific safeguards for each identified risk (administrative, technical, physical)
- Employee training program with documented completion records
- Vendor due diligence and business associate agreements
- Incident response plan with notification procedures
- Data retention and secure disposal policies
- Annual review and update schedule
Need help creating or updating your WISP? Bellator Cyber Guard has helped thousands of tax professionals achieve full IRS and FTC compliance. Download our free WISP template to get started, or contact us for professional WISP writing services.