Built by cybersecurity professionals
Designed by practitioners with hands-on incident response, audit, and compliance program experience — mapped to FTC and IRS guidance.
Meet IRS Publication 5708 and PTIN requirements with a guided WISP you can generate, maintain, and renew each year — built by cybersecurity professionals with real-world compliance and incident response experience.
Every paid tax preparer with a PTIN is required by the IRS and the FTC Safeguards Rule to maintain a current Written Information Security Plan aligned with IRS Publication 5708. WISPWolf generates that plan from a guided 5-minute intake, then keeps it current with live evidence from your Microsoft 365 tenant — so PTIN renewal and your next cyber-insurance review are straightforward.
The IRS and FTC are clear: a Written Information Security Plan is not optional for paid tax return preparers.
Since 2024, paid preparers must attest to having a written data security plan when renewing their PTIN. No WISP, no renewal.
The FTC Safeguards Rule (16 CFR Part 314) classifies tax preparers as financial institutions—mandating administrative, technical, and physical safeguards.
A breach of taxpayer data can mean IRS notification, state attorney general filings, and the end of client trust. A WISP is your first line of defense.
A real WISP covers four pillars. Templates and one-page forms don't cut it under audit.
Source: IRS Publication 5708, "Creating a Written Information Security Plan for your Tax & Accounting Practice."
WISPWolf turns IRS guidance into a workflow your front desk can run.
Answer plain-English questions about your practice—staff, software, data handling. We do the writing.
Read-only connection verifies MFA, conditional access, and admin posture—live evidence behind your WISP.
Every control in your plan is mapped to the IRS publication and the FTC Safeguards Rule citation.
Reminders, change tracking, and signed attestations so next year's PTIN renewal is straightforward.
A pilot-stage platform from practitioners who run compliance programs and respond to incidents — not a template vendor.
Designed by practitioners with hands-on incident response, audit, and compliance program experience — mapped to FTC and IRS guidance.
Built and maintained by an MSP actively serving accountants, tax preparers, bookkeepers, and insurance agencies under federal data-protection rules.
US-hosted infrastructure, encryption in transit and at rest, and least-privilege access — designed around protecting client data, not collecting it.
Pilot program now open. WISPWolf does not publish customer counts, audit pass rates, or named testimonials we cannot independently verify.
The same Living WISP, sized to how your practice actually runs.
Three real options for getting compliant. Here's how they stack up for a tax practice.
| Capability | WISPWolf | EasyWisp | Hire a Consultant |
|---|---|---|---|
| AI-generated WISP tailored to your practice | |||
| Mapped to IRS Pub 5708 | |||
| Live Microsoft 365 evidence | |||
| Automatic annual renewal tracking | |||
| PTIN attestation ready | |||
| Continuous compliance score | |||
| Time to first WISP | <1 hour | ~1 hour | 2–6 weeks |
| Starting price | $39/mo | $49/mo | $2,500+ one-time |
Pillar guides, checklists, and templates that walk every IRS Pub 5708 and FTC Safeguards Rule requirement.
The IRS's official WISP template structure, explained end-to-end.
ReadEvery 16 CFR Part 314 element mapped to IRS Pub 5708 controls.
ReadThe statutory foundation behind every WISP requirement.
ReadWhat changed for tax preparers this year and the gaps that fail audits.
ReadIRS WISP starter template, FTC checklist, GLBA checklist, and risk worksheet.
ReadExactly what every PTIN holder must do — and what happens if they don't.
ReadSection-by-section drafting walkthrough for a defensible WISP.
ReadA working tax-preparer WISP you can use as your structural baseline.
ReadThe questions PTIN holders and firm owners ask most often.
Yes. As of the 2024 PTIN renewal cycle, the IRS requires all paid preparers to confirm they have a written data security plan in place, consistent with IRS Publication 5708 and the FTC Safeguards Rule. The IRS Stakeholder Liaison program now samples PTIN attestations and can request the underlying WISP.
IRS Publication 5708 is the IRS's official guidance for creating a Written Information Security Plan, covering administrative, technical, and physical safeguards for taxpayer data. A WISP built to Pub 5708 generally satisfies the documentation expectations of the FTC Safeguards Rule for a small firm.
Yes. There is no firm-size exemption under IRS Pub 5708 or the FTC Safeguards Rule. A solo Enrolled Agent or CPA working from a home office has the same obligation as a 200-person CPA firm.
Most preparers complete the guided 5-minute intake and receive a tailored, IRS Pub 5708-mapped WISP in under an hour. The Microsoft 365 read-only integration then begins producing live evidence behind each control on a recurring schedule.
Carriers want the actual WISP document, the date of the most recent annual review, evidence of MFA enforcement, and the named Qualified Individual. WISPWolf produces all four as part of the standard export, formatted the way underwriters expect.
A template is a starting point — the FTC Safeguards Rule requires you to monitor and test your safeguards over time. WISPWolf turns the document into an ongoing program with live Microsoft 365 evidence, annual review reminders, and a signed attestation packet. Many firms start from the free WISPWolf Compliance Starter Kit and graduate to the platform when they want ongoing evidence.
At least annually, and any time there is a material change in your firm — new staff, new tax software, a new office, or a security incident. WISPWolf automates the review cadence and produces the signed annual report the Qualified Individual is required to deliver.
Generate a tailored, IRS Pub 5708-mapped Written Information Security Plan in under an hour. No templates, no consultants, no compliance theatre.