top of page
WISP (1).png


Creating your IRS-required 

Written Information Security Plan

is easy with Tel-Arm's WISP Wizard tool!

What is a 

Having a WISP, or written information security plan, is a legal requirement for all US tax and accounting professionals. The WISP  was developed by the Security Summit, a partnership of the Internal Revenue Service, state tax agencies, private-sector tax groups, and tax professionals, in order to safeguard against identity theft and tax refund fraud.  The WISP details how your firm attempts to keep customer data safe, by outlining security and privacy controls that are in place.

Who needs a WISP?

Having a written security plan is more than just good practice.

Federal law mandates and enforces, through the Federal Trade Commission, that all professional tax professionals, such as Certified Public Accounts (CPAs), Enrolled Agents, Tax Attorneys, and Tax Consultants are required to maintain and implement a WISP.

What should be included in a WISP?

A good WISP should focus on three areas:

  • Employee management and training

  • Information systems

  • Detecting and managing system failures

​Your WISP should include the following details:

  • Persons responsible for overseeing your security programs​

  • Data Collection & Data Retention

  • Employee data handling

  • Security Risk Mitigation

  • Security Policies & Incident Response details

  • Employee Security Awareness Training policy

How to prepare the WISP

The IRS provides a standard WISP template that can be edited to reflect your company’s size, scope of activities, complexity, and the sensitivity of the customer data it handles.

However, this may prove difficult for many non-technical individuals, as they may be unfamiliar or uncomfortable with assessing their scope, performing risk assessments, and creating security policies. 


Therefore, Tel-Arm has developed the WISP Wizard to help tax professionals easily create their own, personalized WISP. After all questions presented in the Wizard are answered, an IRS-compliant WISP will be created for you by our team of cybersecurity and compliance professionals.

Implementing the WISP

Just obtaining a WISP is not enough for legal compliance. After you have created your WISP, you are legally required to implement it. As nice as it is to have your own security plan, it means absolutely nothing if the security policies and controls outlined in the WISP are not in place. 

Reaching out to IT and cybersecurity professionals to help with implementing your WISP should be the next step after creating your WISP.

Tel-Arm has a talented team of information security managers who have extensive experience in creating, implementing, and managing security programs. Let us know if we can assist in implementing your new Written Information Security Plan!



I am interested in:

Thanks for submitting!

bottom of page