Skip to main content
Built for IRS Pub 5708 + PTIN Renewal
Compliant with IRS Pub 5708 · Pub 4557 · FTC Safeguards Rule 16 CFR Part 314

WISP Compliance Made Simple for Tax Professionals

Meet IRS Publication 5708 and PTIN requirements with a guided WISP you can generate, maintain, and renew each year — built by cybersecurity professionals with real-world compliance and incident response experience.

IRS Pub 5708 mappedFTC Safeguards RulePTIN attestation ready
Short answer

Every paid tax preparer with a PTIN is required by the IRS and the FTC Safeguards Rule to maintain a current Written Information Security Plan aligned with IRS Publication 5708. WISPWolf generates that plan from a guided 5-minute intake, then keeps it current with live evidence from your Microsoft 365 tenant — so PTIN renewal and your next cyber-insurance review are straightforward.

IRS Publication 5708 Aligned
FTC Safeguards Rule 16 CFR Part 314
AES-256 Encrypted at Rest
Built by Cybersecurity Professionals
Why It Matters

Why every tax preparer needs a WISP in 2026

The IRS and FTC are clear: a Written Information Security Plan is not optional for paid tax return preparers.

PTIN renewal requires it

Since 2024, paid preparers must attest to having a written data security plan when renewing their PTIN. No WISP, no renewal.

Federal law requires it

The FTC Safeguards Rule (16 CFR Part 314) classifies tax preparers as financial institutions—mandating administrative, technical, and physical safeguards.

Your clients expect it

A breach of taxpayer data can mean IRS notification, state attorney general filings, and the end of client trust. A WISP is your first line of defense.

IRS Pub 5708

What the IRS actually expects in your WISP

A real WISP covers four pillars. Templates and one-page forms don't cut it under audit.

Administrative safeguards

  • Designated security coordinator
  • Annual risk assessment
  • Employee training
  • Vendor management

Technical safeguards

  • Access controls + MFA
  • Encryption in transit & at rest
  • Anti-malware and patching
  • Secure backups

Physical safeguards

  • Locked file storage
  • Visitor & device controls
  • Secure document disposal
  • Workstation security

Ongoing program

  • Incident response plan
  • Annual WISP review
  • Breach notification process
  • Continuous monitoring

Source: IRS Publication 5708, "Creating a Written Information Security Plan for your Tax & Accounting Practice."

How We Help

Built for tax offices, not generic IT teams

WISPWolf turns IRS guidance into a workflow your front desk can run.

Guided 5-minute intake

Answer plain-English questions about your practice—staff, software, data handling. We do the writing.

Microsoft 365 integration

Read-only connection verifies MFA, conditional access, and admin posture—live evidence behind your WISP.

Mapped to IRS Pub 5708

Every control in your plan is mapped to the IRS publication and the FTC Safeguards Rule citation.

Guided annual review

Reminders, change tracking, and signed attestations so next year's PTIN renewal is straightforward.

Who builds WISPWolf

Built by Cybersecurity Professionals and an Active MSP

A pilot-stage platform from practitioners who run compliance programs and respond to incidents — not a template vendor.

Tax professionalsAccounting firmsInsurance agenciesFinancial service providersSmall businesses handling sensitive client data

Built by cybersecurity professionals

Designed by practitioners with hands-on incident response, audit, and compliance program experience — mapped to FTC and IRS guidance.

Developed by an active MSP

Built and maintained by an MSP actively serving accountants, tax preparers, bookkeepers, and insurance agencies under federal data-protection rules.

Privacy-first, US-hosted

US-hosted infrastructure, encryption in transit and at rest, and least-privilege access — designed around protecting client data, not collecting it.

Pilot program now open. WISPWolf does not publish customer counts, audit pass rates, or named testimonials we cannot independently verify.

Right-Sized

Whether you're solo or scaling

The same Living WISP, sized to how your practice actually runs.

Solo Preparer

For independent EAs, CPAs & ERO preparers

  • Generate a complete WISP in under an hour
  • PTIN renewal attestation, handled
  • Plain-English plan you actually understand
  • Starts at $39/month — cheaper than one CPE class
Best on Starter
Multi-Person Firm

For growing tax & accounting practices

  • Role-based workflows for owner, staff, IT
  • Live Microsoft 365 evidence across the team
  • Gap remediation tracker with owners & due dates
  • Audit-ready exports for insurers and the IRS
Best on Professional
Compare

WISPWolf vs. EasyWisp vs. hiring a consultant

Three real options for getting compliant. Here's how they stack up for a tax practice.

CapabilityWISPWolfEasyWispHire a Consultant
AI-generated WISP tailored to your practice
Mapped to IRS Pub 5708
Live Microsoft 365 evidence
Automatic annual renewal tracking
PTIN attestation ready
Continuous compliance score
Time to first WISP<1 hour~1 hour2–6 weeks
Starting price$39/mo$49/mo$2,500+ one-time
Frequently Asked

Tax preparer WISP questions

The questions PTIN holders and firm owners ask most often.

Do tax preparers need a WISP to renew their PTIN?

Yes. As of the 2024 PTIN renewal cycle, the IRS requires all paid preparers to confirm they have a written data security plan in place, consistent with IRS Publication 5708 and the FTC Safeguards Rule. The IRS Stakeholder Liaison program now samples PTIN attestations and can request the underlying WISP.

What is IRS Publication 5708?

IRS Publication 5708 is the IRS's official guidance for creating a Written Information Security Plan, covering administrative, technical, and physical safeguards for taxpayer data. A WISP built to Pub 5708 generally satisfies the documentation expectations of the FTC Safeguards Rule for a small firm.

Does the WISP requirement apply to solo preparers and home offices?

Yes. There is no firm-size exemption under IRS Pub 5708 or the FTC Safeguards Rule. A solo Enrolled Agent or CPA working from a home office has the same obligation as a 200-person CPA firm.

How fast can WISPWolf generate a tax-preparer WISP?

Most preparers complete the guided 5-minute intake and receive a tailored, IRS Pub 5708-mapped WISP in under an hour. The Microsoft 365 read-only integration then begins producing live evidence behind each control on a recurring schedule.

Will my cyber insurance carrier accept the WISPWolf WISP?

Carriers want the actual WISP document, the date of the most recent annual review, evidence of MFA enforcement, and the named Qualified Individual. WISPWolf produces all four as part of the standard export, formatted the way underwriters expect.

How is WISPWolf different from a free WISP template?

A template is a starting point — the FTC Safeguards Rule requires you to monitor and test your safeguards over time. WISPWolf turns the document into an ongoing program with live Microsoft 365 evidence, annual review reminders, and a signed attestation packet. Many firms start from the free WISPWolf Compliance Starter Kit and graduate to the platform when they want ongoing evidence.

How often does the WISP need to be reviewed and updated?

At least annually, and any time there is a material change in your firm — new staff, new tax software, a new office, or a security incident. WISPWolf automates the review cadence and produces the signed annual report the Qualified Individual is required to deliver.

Renew your PTIN with confidence

Generate a tailored, IRS Pub 5708-mapped Written Information Security Plan in under an hour. No templates, no consultants, no compliance theatre.