Tax Season 2025 is approaching and, in case you missed it, recent updates to the Written Information Security Plan requirements have introduced additional complexities to the process. It’s crucial for accounting firms and tax preparers to reassess their current strategies with these changes in mind. The implications of non-compliance are significant, with potential consequences that could significantly impact your business. As we approach tax season, make sure you stay informed and ensure your WISP is robust and up to date.

WISPs and PTINs

The Preparer Tax Identification Number renewal and WISP compliance connection aren’t new. However, recent IRS modifications have expanded their scope and changed basic security protocols into more comprehensive requirements that demand careful attention and regular updates. 

That means every year, when you check off “WISP” before the December PTIN renewal deadline, it’s critical to make sure your practice is compliant with the latest changes. 

In the last round of modifications, the IRS mandated:

• Enhanced risk assessment protocols:
• Stricter data encryption standards;
• Comprehensive incident response planning: and,
• Expanded employee training requirements;

Consequences of noncompliance

The WISP requirement aligns with the FTC’s Safeguards Rule and IRS guidelines on protecting taxpayer data. It’s not just a regulatory requirement; it’s a crucial step in safeguarding sensitive client information and maintaining professional integrity.

“The Gramm-Leach-Bliley Act (GLBA) is a US law that requires financial institutions to protect customer data,” says IRS Publication 5708. “In its implementation of the GLBA, the Federal Trade Commission (FTC) issued the Safeguards Rule to outline measures that are required to be in place to keep customer data safe. Under the GLBA and Safeguards Rule, tax and accounting professionals are considered financial institutions, regardless of size. A requirement of the Safeguards Rule is implementing and maintaining a WISP. Your WISP must be written and accessible.”

Failing to have a WISP in place can result in:

• Inability to renew your PTIN, affecting the ability to prepare tax returns for clients;
• Legal penalties and disciplinary actions by the IRS; and,
• Increased vulnerability to data breaches, which can lead to financial and reputational damage.

Though this might seem overwhelming, there is good news. To help simplify the road to compliance, several organizations offer WISP templates with varying features and levels of specialization. Some of these tools are free, some are not, some are made for accountants while others are more general, and some are specifically IRS compliant while others are partially so, but all can be used to help get a handle on WISPs. They include:

1. IRS Publication 5708 
2. Practice Protect 
3. CPACharge 
4. SANS Institute 
5. AICPA-CIMA 
6. Tech4Accountants
7. Rightworks WISP

Compliance timeline

The PTIN renewal deadline of December 31 serves as a critical checkpoint for WISP compliance, but effective security planning requires a year-round commitment. Firms should begin their review and update process well in advance of the deadline to ensure adequate time for implementation, testing, and staff training. 

Key compliance elements:

• Annual WISP review and updates with quarterly assessments of emerging security threats;
• Comprehensive documentation of all security protocols, including access controls and data handling procedures;
• Regular employee training sessions, with mandatory updates for new hires and refresher courses for existing staff;
• Incident response plan testing through simulated security breaches and response drills;
• System security audits covering both internal networks and third-party vendor integrations;
• Regular backup testing and disaster recovery plan validation; and,
• Periodic review of user access privileges and authentication protocols.

Your clients deserve secure data

A current, compliant security plan represents more than regulatory compliance—it demonstrates your firm’s commitment to protecting client data and maintaining professional standards. How you handle your clients’ sensitive financial and personal information is fundamental to your firm’s relationships and reputation.

The most successful firms approach WISP compliance not as a burden but as an opportunity to strengthen client relationships and differentiate their services. 

So, as we approach Tax Season 2025, ensure you remain up-to-date, compliant and secure with your firm’s data. This is not only a critical aspect of professional tax preparation services but also a standard your clients rightfully expect.