Do tax preparers need a WISP?

Yes. Every paid tax return preparer who handles taxpayer information is required by the IRS to maintain a Written Information Security Plan. The requirement is reinforced annually at PTIN renewal, where preparers must attest to having a written data security plan.

Is a WISP required by the IRS?

The WISP requirement comes from the FTC Safeguards Rule (16 CFR Part 314), which classifies paid tax preparers as financial institutions. The IRS enforces this requirement and reminds preparers of it in Publication 5708, Publication 4557, and on every PTIN renewal questionnaire.

Can I use a free WISP template?

A free WISP template is a reasonable starting point and can satisfy the baseline written-document requirement, but it does not satisfy the FTC Safeguards Rule's expectations for ongoing risk assessment, employee training, vendor oversight, and continuous control monitoring. Use the template to start, then build a maintained program around it.

How often should a WISP be updated?

At minimum, your WISP must be reviewed and updated annually. It should also be updated whenever you experience a material change — new staff, new software, new locations, a security incident, or new regulatory guidance.

What is IRS Publication 5708?

IRS Publication 5708, 'Creating a Written Information Security Plan for Your Tax & Accounting Practice,' is the IRS's plain-language guide for paid preparers. It outlines the six required WISP elements and provides a sample template you can adapt for your firm.

Wolf Academy · Resources & Guides

Wolf Academy: compliance, explained clearly

Plain-English compliance and cybersecurity resources for tax professionals, accounting firms, insurance agencies, and small businesses handling sensitive client data.

FeaturedCompliance

FTC Safeguards Rule WISP Checklist for Tax Preparers (2025)

A complete plain-English checklist of every administrative, technical, physical, vendor, and annual-review control your WISP must address — plus how to auto-verify with Microsoft 365.

11 min readRead guide

Compliance

IRS WISP Requirement for PTIN Holders: What Every Tax Preparer Must Do in 2025

If you hold a PTIN, you're required to have a Written Information Security Plan. Here's what the IRS requires, what your WISP must contain, and what happens if you don't have one.

8 min readRead

Templates

Free WISPWolf Compliance Starter Kit

Download the free WISPWolf Compliance Starter Kit — IRS WISP starter template, FTC Safeguards Rule checklist, GLBA checklist, risk assessment worksheet, cyber insurance guide, and tax preparer compliance checklist. Identify your compliance gaps before PTIN renewal.

14 min readRead

Compliance

WISP Requirements 2026: What Tax Preparers Need to Know

What changed in 2026 across IRS Pub 5708, the FTC Safeguards Rule, and cyber insurance — and the minimum WISP every tax preparer should have.

9 min readRead

Fundamentals

Tax Preparer Security Plan Guide: Building a Compliant WISP

A step-by-step guide to scoping, writing, implementing, and maintaining a Written Information Security Plan for a tax practice.

10 min readRead

Compliance

GLBA Safeguards Rule for Tax Preparers and Small Businesses

The nine required elements of the GLBA Safeguards Rule and how they map to your WISP and IRS Pub 5708.

8 min readRead

Fundamentals

What Is a Written Information Security Plan and Why You Need One

A clear primer on the Written Information Security Plan (WISP): what it covers, who must have one, and why it matters in 2025.

6 min readRead

Strategy

Why a One-Time WISP Template Will Fail Your Next IRS Audit

Static PDFs fail under audit and insurance review. Here's why a Living WISP is now the standard for tax and accounting firms.

6 min readRead

Integrations

How Microsoft 365 Integration Automates Your WISP Compliance

Turn your Microsoft 365 tenant into live WISP evidence — MFA, conditional access, and audit logs verified continuously.

8 min readRead

Checklists

Annual WISP Review Checklist Every CPA Firm Needs

Use this annual WISP review checklist to keep your CPA firm audit-ready, insurer-friendly, and ahead of FTC requirements.

5 min readRead

Cyber Insurance

How to Answer Your Cyber Insurance Questionnaire as a Tax Preparer

What insurers actually look for, how a WISP maps to NetGuard Plus and ransomware supplementals, and how documentation lowers your premium.

8 min readRead

Comparisons

EasyWisp.ai Alternative: A More Affordable Living WISP Platform

Compared EasyWisp.ai? See how WISPWolf delivers a continuously-monitored Living WISP starting at $39/month with live evidence.

7 min readRead

Comparisons

Rightworks WISP vs WISPWolf: One-Time vs Ongoing Compliance

Rightworks bundles a static WISP. WISPWolf is a Living WISP. Here's the side-by-side for tax and accounting firms in 2025.

8 min readRead

Monthly Compliance Brief

One short email a month. No fluff.

New FTC & IRS guidance, fresh checklists, and lessons from real audits — written for firm owners.