Tech4Accountants is an IT firm that aims to help small accounting firms ensure the protection of their customers’ sensitive data and maintain compliance with the IRS Safeguards Rule.
Explains Andrew Lassise, the owner of Tech4Accountants, “Most people didn’t notice when renewing their PTIN on the form it says ‘Data Security Responsibilities: As a paid tax return preparer, I am aware of my legal obligation to have a data security plan and to provide data and system security protections for all taxpayer information. Check the box to confirm you are aware of this responsibility.’ This obligation has been in place since 2019, but I think most people blindly check “yes” because they know they need to say yes, but don’t actually have one in place, or understand how important it is to have one”.
“Setting these up aren’t just good practice, but actually law. Going through the documentation of security policies inside an organization helps the owner understand what they are doing well to protect their clients, and where there can be some improvement. The security plan is a great way to go through and check your company’s security from all angles” continues Andrew.
Tech4Accountants IRS Data Security Plan template can be downloaded for free by completing a form on their site, and covers various topics including:
IRS Security Six
IRS Publication 4557
Cybersecurity
Employee training
Steps to take in the event of a data breach
What exactly is an IRS WISP?
“An IRS Written Information Security Plan is the formal document in which an accounting firm describes the technical, physical, and administrative safeguards ensuring its clients’ information privacy,” adds Andrew.
“An IRS WISP helps an accounting firm to be well prepared for any cyber threat posed to the sensitive data held by a firm, either physically or electronically. The most important piece of it is knowing where you are protected and where you are vulnerable.
The IRS’s goal in requiring this document is to hold individual firms accountable for breaches in security of customer data. It’s difficult for the smaller firms to be able to have all of this great security in place without spending a fortune like the big firms can. The part that’s even worse is that the smaller firms are actually targeted BECAUSE they don’t have as sophisticated protection.”
Does the accounting firm need an IRS WISP?
Accountants are among the most vulnerable organizations to security breaches owing to the level of sensitive customer data they maintain. A simple 1040 return has enough information to commit identity theft.
“This financial data unfortunately attracts those intent on exploiting such systems for the huge payday they promise. In response to this ever-growing problem and to encourage compliance, the federal government has decided to raise awareness in this field. Many great practices can be located in Publication 4557, which has been our guiding light since it was released.”
What If the Firm Has No WISP?
According to the fifth Title of the Financial Services Modernization Act of 1999, also known as the Gramm Leach Bliley Act, financial institutions working under the Federal Trade Commission are required to take the necessary steps to ensure the protection of customers’ sensitive data as stated in the Safeguard Rule.
The Federal Trade Commission has implemented this rule through different regulatory sectors. As previously mentioned, violation of this rule may result in heavy penalties. The firm violating the law must pay a fine of $100,000 for each violation, while the individual members of the firm that are responsible may be paying a fine up to $10,000 for each violation.
Title 18 of the United States Code also states that individuals may face a prison term of up to five years! They are definitely not taking the subject lightly.
“These heavy penalties are surely motivation enough for tax firms to comply with the defined Data Security Responsibilities. We at Tech4Accountants aim to help you do just that with our free downloadable IRS Written Information Security Plan template. Originally, we thought it was going to be a cake walk to put this together, and the template didn’t exist when these rules first came out. It’s funny that others now charge $200-$400 for the blank template that we are giving away for free!” concludes Andrew.
Conclusion
Tech4Accountants is an IT firm that aims to help small accounting firms ensure the protection of their customers’ sensitive data and maintain compliance with the IRS Safeguards Rule.
Media Contact
Company Name: Tech4Accountants
Contact Person: Andrew Lassise
Email: Send Email
Phone: (877) 572-6989
Country: United States
Website: https://tech4accountants.net/free-written-information-security-plan-for-accountants/