Rightworks bundles a one-time WISP document with its hosting product. WISPWolf is a vendor-neutral Living WISP platform that pulls live Microsoft 365 evidence and updates continuously. Many firms use Rightworks for hosting and WISPWolf for the WISP itself.
In a hurry? Get your free Compliance Score, then come back to this guide.
Take the Free Quiz View Sample WISPRightworks (the former Right Networks) is one of the largest hosted-application providers in the tax and accounting space. As part of its bundle, Rightworks offers customers help producing a Written Information Security Plan. For many firms, that is their first exposure to the WISP requirement. The question we hear most often from those firms is: is the Rightworks WISP enough, or do we need a dedicated platform?
This article is an honest, vendor-by-vendor comparison. We are not affiliated with Rightworks. Features and pricing change — always verify directly with each vendor before deciding.
What the Rightworks WISP Offers
The Rightworks WISP is typically delivered as a generated document tailored to a firm that hosts its tax software inside the Rightworks environment. Because Rightworks controls the hosting layer, parts of the document describe controls running in Rightworks' infrastructure — physical security of the data centers, encryption of hosted disks, redundancy, and audit logs at the hosting level. For a firm whose entire tech stack lives inside Rightworks, this answers a meaningful slice of the WISP question.
Where the Rightworks Model Falls Short
Three gaps tend to surface during audits and insurance renewals:
- Coverage stops at the hosting boundary. Most firms have meaningful data and identity outside Rightworks — Microsoft 365 email, OneDrive, Google Workspace, e-signature platforms, portals, AI tools. The bundled WISP does not produce live evidence for any of these.
- It is a snapshot, not a program. The FTC Safeguards Rule requires ongoing monitoring and testing of safeguards — see the FTC Safeguards Rule checklist and why a one-time WISP document is no longer enough. A document generated once does not satisfy 16 CFR § 314.4(d) on its own, and IRS Pub 5708 assumes you will refresh it.
- It locks you to the hosting vendor. If the firm ever leaves Rightworks, the WISP — and any renewal cadence around it — typically does not travel with you.
What WISPWolf Does Differently
WISPWolf is a standalone compliance SaaS, not an MSP and not a hosting product. It is designed to sit alongside whatever infrastructure your firm already runs.
- Live Microsoft 365 evidence. A read-only Graph API connection pulls MFA, Conditional Access, audit log, and external sharing posture continuously and maps each signal to the FTC and IRS control it satisfies.
- A living compliance score. Drift is flagged as it happens. The score reflects current reality, not last year's intent.
- Vendor-neutral. Use it with Rightworks, with Microsoft 365, with Google Workspace, with a local server — the WISP is yours regardless of where the data lives.
- Transparent pricing starting at $39 per month. No hosting bundle required.
Side-by-Side Comparison
- Generated, IRS-structured WISP document: Both.
- FTC Safeguards Rule and IRS Pub 5708 mapping: Both.
- Coverage of Microsoft 365 evidence: WISPWolf.
- Continuously-updated compliance score: WISPWolf.
- Gap remediation workflow tied to live signals: WISPWolf.
- Annual review reminders and signed renewal logs: WISPWolf.
- Hosting infrastructure for tax applications: Rightworks.
- Vendor-independent (portable across MSPs and hosting providers): WISPWolf.
Who Should Stay With the Rightworks WISP
Firms that run 100 percent inside the Rightworks hosted environment, have no email or document storage outside it, and only need the document for an insurance attestation may find the bundled WISP sufficient — with the caveat that the monitoring requirement still has to be met some other way.
Who Should Use WISPWolf Instead (or Alongside)
Firms that use Microsoft 365 or Google Workspace for email, store files in OneDrive or SharePoint, run any tax software outside the hosting bundle, or want the WISP to function as an actual compliance program rather than an annual deliverable. Many firms keep Rightworks for hosting and add WISPWolf for the WISP itself — there is no conflict. If you're comparing tools more broadly, see how WISPWolf compares to EasyWisp.ai, and benchmark your renewal exposure with the cyber insurance questionnaire walkthrough.
The Underlying Question
Is your WISP a document you produce, or a program you run? If it is a program, it has to read from the systems where your data actually lives, and it has to stay current as those systems change. That is true regardless of whether your tax software runs in Rightworks, on a local server, or somewhere else entirely. Start from the free WISPWolf Compliance Starter Kit and take the 15-question Compliance Score to see where the gaps are.
Sources & References
Primary regulatory and standards sources used throughout WISPWolf's compliance guidance.
- IRS Publication 5708 — Creating a Written Information Security Plan
- IRS Publication 4557 — Safeguarding Taxpayer Data
- FTC Safeguards Rule (16 CFR Part 314)
- Gramm-Leach-Bliley Act (GLBA) Safeguards
- IRS Tax Security — Protect Your Clients, Protect Yourself
- NIST Cybersecurity Framework
- Microsoft Security Documentation
Get the free WISPWolf Compliance Starter Kit
Download the starter kit and identify your compliance gaps. Includes an IRS WISP starter template (not a completed customized WISP), FTC Safeguards Rule checklist, GLBA checklist, risk assessment worksheet, cyber insurance guide, and tax preparer compliance checklist.
Get Your Free WISP Compliance Score
See how your firm's security practices compare to FTC Safeguards Rule and IRS WISP expectations. Answer 15 questions and get a personalized scorecard in minutes.
IRS Pub 5708 Compliant · FTC Safeguards Rule · AES-256 Encrypted · No Credit Card Required