The IRS received over 250 reports of data breaches from tax professionals in 2024, impacting more than 200,000 clients. Each one of those reports often triggers an investigation into WISP (Written Information Security Plan) compliance.
As of 2025, the IRS has further tightened requirements, making the attestation of a WISP a standard part of the Preparer Tax Identification Number (PTIN) renewal process. False attestation (claiming to have a WISP when you do not) can be prosecuted as federal fraud. A WISP must be renewed and revisited every five years. The size of your business is not considered.
A WISP is not a template you print and sign
A WISP identifies the mandatory security measures you already have in place. You cannot create one from a template, print one off the IRS website, or pull one out of your tax software and check a box saying you have met all the requirements when you have not. The WISP must honestly represent your current network environment.
Two questions worth asking right now
- Is your WISP compliant with the current IRS requirements?
- Is your IT provider qualified to create and maintain it for you?
We can help
If you don't have a WISP, or you're not sure whether the one you have is valid, contact ControlAltProtect. Call us at (877) 292-3791 or email info@controlaltprotect.com.