Skip to main content
WISP for Bookkeepers and Enrolled Agents

Bookkeepers and Enrolled Agents: Your WISP Guide

Yes, the WISP requirement applies to your practice — even if you work solo, part-time, or primarily in QuickBooks. Here's what it means and what to do about it.

GLBA mappedFTC Safeguards RuleIRS Pub 4557 aligned
Does the WISP requirement apply to bookkeepers?

Yes — unambiguously. Under GLBA, any firm "significantly engaged" in financial activities is a financial institution subject to the FTC Safeguards Rule (16 CFR Part 314). Bookkeepers handle bank data, payroll records, income statements, and account credentials — all nonpublic personal financial information. Enrolled agents prepare tax returns, hold IRS power of attorney, and handle tax transcripts — fully covered.

The 5,000-consumer threshold does not exempt small firms from having a WISP; it only reduces documentation depth for some subsections. Whether you have five clients or five hundred, you still need a written program that identifies risks, designates a responsible person, and documents safeguards. IRS Publication 4557 requires tax professionals to safeguard taxpayer data, and IRS Publication 5708 provides the template structure the IRS expects. If you touch client financial data, the WISP requirement applies to you, regardless of firm size.

Built for You

What WISPWolf does for bookkeepers and EAs

A compliance program sized for small practices, mapped to the actual rules that apply to you.

Built for small practices

WISPWolf works for solo bookkeepers and single-person enrolled agents, not just large CPA firms. The intake adapts to one-person workflows and still produces a defensible WISP.

Starts in 5 minutes

The guided intake covers your actual software, clients, and data handling. You answer plain-English questions; WISPWolf does the compliance writing.

Scored against real requirements

Your compliance score maps directly to IRS Publication 4557 and FTC 16 CFR Part 314, not a generic checklist. You see exactly where you stand.

Renewal on autopilot

Annual review reminders and one-click attestation keep your WISP current. Compliance becomes a habit, not a last-minute scramble.

How It Works

From quiz to compliant WISP in under an hour

A simple process designed for bookkeepers and enrolled agents without an in-house IT team.

1. Take the guided quiz

Answer plain-English questions about your practice, tools, and clients.

2. Review your tailored WISP

Receive a bookkeeper-specific WISP mapped to GLBA and FTC requirements.

3. Connect Microsoft 365

Optional read-only integration verifies MFA and admin posture for live evidence.

4. Maintain with annual reviews

Track acknowledgements and schedule reviews so your WISP stays current.

Pricing

Simple, transparent pricing

Pick the tier that matches your firm. Pilot pricing — cancel anytime.

Starter

$39/month

For solo preparers and small practices getting compliant.

  • Guided WISP assessment
  • AI-assisted WISP draft
  • FTC and IRS control mapping
  • PDF export
  • Annual review reminders
Start with Starter
Best Value

Professional

$99/month

For growing firms that want an ongoing compliance program.

  • Everything in Starter
  • Compliance readiness score
  • Gap remediation workflow
  • Evidence organization
  • Policy acknowledgement tracking
  • Priority support
Choose Professional

Agency

$199/month

For multi-location firms and partners managing several programs.

  • Everything in Professional
  • Multi-client or multi-location support
  • Team workflow
  • Advanced reporting
  • Partner-ready dashboard
  • Dedicated onboarding support
Choose Agency

Pilot program now open. 14-day free trial. No credit card required to start. Some advanced features are labeled “Coming Soon” and are actively in development.

Frequently Asked

Bookkeeper and EA WISP questions

Straight answers to the questions small practices ask most often.

I only have a few clients — do I still need a WISP?

Yes. The FTC Safeguards Rule and IRS Publication 4557 apply regardless of client count. A solo bookkeeper or enrolled agent has the same WISP obligation as a large firm. The difference is only the size and complexity of your documentation.

What's the difference between what a bookkeeper needs and what a CPA firm needs?

The framework is the same, but the risks differ. A CPA firm may emphasize audit workflows and multi-staff access. A bookkeeper's WISP focuses on QuickBooks access, payroll vendor oversight, client portal use, and bank-account verification.

I use QuickBooks and a client portal — what does my WISP need to say about those?

Your WISP should document who has access to each system, what MFA is enabled, how data is transmitted, and what happens if credentials are compromised. WISPWolf generates these sections automatically.

How do I prove my WISP to a cyber insurer or a client asking for it?

You need the WISP document, a signed annual review, evidence of safeguards like MFA, and proof of training. WISPWolf exports these as a single packet you can share directly.

Build your bookkeeper WISP today

Generate a tailored, GLBA-mapped Written Information Security Plan in under an hour. No templates, no consultants, no compliance theatre.

Sources: FTC 16 CFR Part 314, IRS Publication 4557, IRS Publication 5708.