IR-2025-79, July 29, 2025

WASHINGTON — The Internal Revenue Service and its Security Summit partners today reminded tax professionals about the federal mandate to have a Written Information Security Plan (WISP) designed to help protect them against threats from identity thieves and data breaches. IRS provides resources to help with this process.

As part of a special five-part series, the IRS and Summit partners highlight the importance of tax pros creating and maintaining a WISP.

This marks the third installment of a summer news release series focused on tax professional security. The "Protect Your Clients; Protect Yourself" campaign provides timely tips to help protect sensitive taxpayer data while protecting businesses from identity theft.

What tax pros should know about WISPs

Required by law. The Gramm-Leach-Bliley Act (GLBA) requires all financial institutions to protect customer data. Under this law, tax and accounting professionals are considered financial institutions and must implement a data security plan. As a part of the plan, the Federal Trade Commission (FTC) requires each firm to:

Designate one or more employees to coordinate the information security program.

Identify and assess risks to customer information in relevant areas of the company's operation and evaluate the effectiveness of safeguards.

Create, implement and regularly monitor and test security safeguards.

Select service providers that can maintain appropriate safeguards and ensure their contracts require compliance.

The basics of a WISP. A good WISP focuses on three areas: employee management and training, information systems, and detecting and managing system failures.

IRS offers WISP tools and resources. IRS Publication 5708, Creating a Written Information Security Plan for your Tax & Accounting Practice, is a 28-page template designed to help tax professionals, especially smaller practices, develop a WISP and guide users through starting a plan, including understanding security compliance requirements and professional responsibilities.

Tax professionals are legally required to have a written, accessible plan and should review, test and update it regularly. Adjustments should be made based on changes in the firm’s operations or security testing and monitoring results.

As part of a security plan, the IRS also recommends that tax professionals develop a data theft response plan, including contacting their IRS Stakeholder Liaison to report a security incident. Tax professionals can also share information with the appropriate state tax agency by visiting the Federation of Tax Administrators’ webpage: Report a Data Breach.

Tax professionals should understand the FTC data breach response requirements as part of their overall information and data security plan. The WISP also includes information on the requirement to report an incident to the FTC, within 30 days of the incident, when 500 or more individuals are affected.

