Written Information Security Plan

Create new WISP


WISP Sign-in

WISP


Secure Your 2026 PTIN Renewal with Premier IRS WISP

Ready to Upgrade to 2026 IRS WISP? Visit IRS Written Information Security Plan (WISP)

As a PTIN Holder (Preparer Tax Identification Number holder), you should create or update your IRS Written Information Security Plan (WISP) annually.

We empower tax professionals with premier information security solutions that simplify PTIN renewal, ensure full IRS and FTC compliance, and safeguard client data. Our mission is to deliver peace of mind through tailored WISPs that grow and adapt with your practice.

For proactive tax professionals preparing for their 2026 PTIN renewal, we are the premier partner for creating and maintaining a robust Written Information Security Plan. Unlike one-size-fits-all templates, our evergreen WISP solution is continuously updated and managed, ensuring long-term compliance, client trust, and business protection.

Why Your 2026 PTIN Renewal Needs More Than Just an Application

In today’s tax landscape, preparing for your PTIN renewal is about more than just filling out a form. The IRS has made it clear: every tax professional must take data security seriously, and that means having a robust Written Information Security Plan (WISP) in place. We know the challenges you face balancing compliance, client service, and day-to-day operations. That’s why we’ve created a premier WISP solution that simplifies everything.

We see WISP compliance not as a burden, but as an opportunity to elevate your professional reputation. By taking proactive steps now, you not only satisfy IRS requirements but also position your practice as a trusted leader in data protection. When you demonstrate this level of diligence, clients feel confident placing their sensitive information in your hands.

Our experience tells us that generic templates don’t cut it. Every practice—whether you’re a sole preparer or a multi-partner firm—deserves a solution that reflects its unique structure, risks, and goals. That’s what we deliver: a living, breathing compliance framework tailored specifically to you.

When renewal deadlines approach, we know how stressful it can feel. With our WISP service, that stress disappears. We handle the complexity, interpret the regulations, and translate them into a step-by-step plan that integrates seamlessly into your workflow. You stay ahead of threats, avoid penalties, and renew your PTIN with confidence.



IRS 2026 WISP Compliance: Create Your Written Information Security Plan Today for All PTIN Holders
Ready for Tax Season? Visit 2026 IRS WISP

Don't File Taxes Without a 2026-Compliant WISP.

To empower every U.S. tax professional to secure client data, meet IRS W-12 PTIN requirements, and build a resilient tax practice using accessible, affordable, and fully compliant WISP documentation.

Line 11 on the IRS W-12 Form requires you to check a box confirming that you understand and comply with these legal requirements. That means a WISP isn’t optional—it’s mandatory for CPAs, Enrolled Agents, Bookkeepers, and all tax professionals engaged in preparing returns for compensation. Without a current, documented IRS WISP in place, you risk rejection, delays, audits, and possible FTC penalties.

Line 11: Data Security Responsibilities

This line is one of the most critical sections of IRS Form W-12. By signing this section, you certify that you understand and will comply with the IRS’s requirements for safeguarding taxpayer data.

What You Are Certifying:

  1. Secure Systems: You will use secure systems for handling taxpayer data, including encryption, firewalls, and password protection.
  2. Employee Training: You will ensure that all employees with access to taxpayer information are trained on data security best practices.
  3. Written Information Security Plan (WISP): You must maintain a WISP that outlines how your business will protect sensitive information, comply with IRS Publication 4557, and respond to data breaches.
  4. Compliance with Laws: You will adhere to federal and state laws governing data security, including the FTC Safeguards Rule.
  5. Incident Response: You agree to notify the IRS and affected taxpayers promptly if a data breach occurs.

Failing to comply with Line 11 requirements can result in penalties, suspension of your PTIN, or legal consequences. It’s crucial to understand these responsibilities and take appropriate measures to secure taxpayer data.

Itemized Parameters & Attributes for Businesses Creating an IRS WISP

FREE Real-Time Payments Bank Reconciliation
"FREE" Aging Receivables & Real-Time Payments Bank Reconciliation – with all 2026 WISP clients process with us. Real-Time Payments Bank Reconciliation

To support merchants and finance teams of all sizes, TodayPayments.com offers free downloadable templates, including:

  • Aging Accounts Receivable Worksheet: Pre-built with 15, 30, 60, 90+ day tracking
  • Bank Reconciliation Templates: Instantly match payments with deposits across batches
  • ISO 20022 File Format Samples: Plug-and-play structures for batch uploads and Request for Payment message testing

Empowering Accounting Professionals

  • Designated Security Coordinator – Assign responsibility for compliance oversight.
  • Comprehensive Risk Assessment – Identify vulnerabilities across operations.
  • Administrative Safeguards – Written policies, staff training, and enforcement.
  • Technical Safeguards – Multi-factor authentication, encryption, network firewalls.
  • Physical Safeguards – Locked storage, restricted access, surveillance.
  • Vendor Management – Contracts requiring service providers to maintain safeguards.
  • Incident Response Plan – Documented breach response procedures.
  • Regular Monitoring & Testing – Ensure safeguards remain effective.
  • Data Destruction Policies – Secure disposal of physical/digital records.
  • Annual Review & Updates – Keep the WISP evergreen and compliant.

Ask us How:

1. 2026 PTIN renewal with an IRS Written Information Security Plan

As tax professionals prepare for the 2026 filing season, the PTIN renewal process demands more than routine paperwork. Our premier IRS WISP ensures that your firm meets all IRS and FTC Safeguards Rule requirements, protecting both your license and your reputation.

2. How to update your Written Information Security Plan for 2026 IRS requirements

The IRS emphasizes that a WISP must evolve with changing threats. We streamline the update process, guiding you through every step to align your plan with 2026 compliance standards while eliminating unnecessary complexity.

3. Streamline your PTIN application with a compliant WISP

Completing your PTIN application is faster and easier when your WISP is already in place. We provide a ready-to-submit, compliant plan that makes renewal smooth and stress-free.

4. Protect client data with a Premier WISP solution

Your clients trust you with their most sensitive information. Our WISP framework includes advanced safeguards and employee training protocols that defend against identity theft, fraud, and cyber threats.

5. IRS WISP requirements for PTIN renewal in 2026

Tax preparers renewing their PTIN must demonstrate compliance with IRS WISP mandates. We help you implement administrative, technical, and physical safeguards so your firm passes every compliance check with ease.

6. Premier IRS WISP service for tax professionals

Our solution goes beyond compliance. With continuous monitoring, vendor oversight, and incident response planning, our WISP positions you as a proactive, trusted professional in a competitive marketplace.

Top 10 Benefits of Choosing Premier WISP for 2026 PTIN Renewal

  1. Guaranteed IRS Compliance – Always aligned with current IRS/FTC rules.
  2. Effortless WISP Creation – We do the heavy lifting for you.
  3. Proactive Risk Identification – Find and fix vulnerabilities early.
  4. Tailored to Your Practice – Scalable for solo preparers or large firms.
  5. Employee Training Integration – Staff engagement built into the plan.
  6. Continuous Monitoring & Updates – Evergreen security, not one-time compliance.
  7. Robust Incident Response Plan – Clear steps for handling breaches.
  8. Vendor & Third-Party Oversight – Extend security across your ecosystem.
  9. Enhanced Client Trust – Show clients their data is fully protected.
  10. Secure Documentation & Access Control – Keep your plan safe and well-managed.

Each of these features is designed to save you time, protect your clients, and ensure your PTIN renewal is successful without added stress.

2026 Written Information Security Plan (WISP), also known as a IRS Written Data Security Plan (WDSP), is a critical tool for organizations aiming to protect sensitive data, meet compliance standards, and prevent security breaches. For businesses interacting with government agencies like the IRS, FTC, or managing sensitive information regulated by HIPAA, a well-structured WISP ensures both compliance and security.

This guide will walk you through how to create an effective 2026 WISP tailored to government regulations while safeguarding your organization against data breaches.  (or, purchase ours for only $29)

What Is a Written Information Security Plan (WISP)?

A Written Information Security Plan is a formalized document detailing how your organization manages and secures sensitive information. It ensures compliance with regulations and establishes clear procedures for mitigating risks, addressing breaches, and maintaining data integrity.

Why Do Government Agencies Require a WISP?

  • IRS: The IRS mandates secure handling of taxpayer information to prevent identity theft and fraud.
  • FTC: The FTC's Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) requires financial institutions to develop a security plan for customer data.
  • HIPAA: Healthcare providers must implement a WISP to comply with the Health Insurance Portability and Accountability Act (HIPAA) and protect patient data.

Key References and Regulatory Framework

  • IRS Publication 1345: Handbook for Authorized IRS e-file Providers
    Provides requirements and recommendations on safeguarding taxpayer e-file data, including proper authentication, data transmission security, and handling of sensitive information.
  • IRS Publication 4557: Safeguarding Taxpayer Data – A Guide for Your Business
    Offers a comprehensive overview of best practices and requirements for protecting taxpayer information, including risk assessments, security controls, and breach response.
  • IRS Publications 5708 and 5709 (If Provided by the IRS Security Summit or Industry Partners)
    These resources typically focus on advanced security measures, incident prevention, and updated threat information for tax professionals. While not as widely referenced as 1345 and 4557, they may provide additional checklists, guidance, or technical recommendations to enhance your security posture.
  • FTC Safeguards Rule (16 CFR Part 314)
    Requires financial institutions—including tax preparers and other entities handling sensitive financial data—to develop, implement, and maintain a comprehensive, written information security program. Aligning your WISP with this rule ensures compliance with the Gramm-Leach-Bliley Act (GLBA).
  • IRS Publication 5293: Protect Your Clients; Protect Yourself
    Focusing on cyber threats, this publication emphasizes the importance of implementing strong security measures to protect client data. It aligns with the WISP’s objective of mitigating risks through proactive data security strategies.

Benefits of a WISP

  1. Regulatory Compliance: Avoid fines and penalties by adhering to agency-specific requirements.
  2. Enhanced Security: Protect against unauthorized access and data breaches.
  3. Reputation Management: Build trust with clients and stakeholders by demonstrating a commitment to data protection.

Steps to Create a IRS Written Data Security Plan (WISP)

1. Conduct a Data Risk Assessment

Start by identifying:

  • What sensitive data you collect: Taxpayer records, healthcare information, financial data, etc.
  • How it’s stored: Physical files, cloud storage, or third-party systems.
  • Who accesses it: Internal employees, contractors, or external vendors.

Action Step: Use tools like data mapping software or data risk assessment templates to catalog sensitive data and assess vulnerabilities.

2. Identify Relevant Laws and Compliance Requirements

Each government agency has unique regulations.


Your WISP must align with these standards:

IRS Compliance

  • Follow IRS Publication 4557 guidelines to safeguard taxpayer data.
  • Use encryption and secure storage for tax records.
  • Ensure that all devices accessing IRS data meet security standards.

FTC Safeguards Rule (GLBA)

  • Create a comprehensive data security program.
  • Regularly monitor and test your safeguards to adapt to emerging threats.

HIPAA Regulations

  • Comply with HIPAA’s Privacy and Security Rules to protect electronic Protected Health Information (ePHI).
  • Implement physical, administrative, and technical safeguards.

Pro Tip: Consult agency-specific resources or legal experts to ensure compliance with evolving regulations.

Records Retention

Federal and IRS guidelines on records retention dictate secure storage and proper disposal of client records. A WISP must include policies for managing records to avoid unauthorized access or breaches.

3. Develop Security Policies and Procedures

A strong IRS WISP should define:

  • Data Access Controls: Implement role-based access to restrict sensitive information to authorized users only.
  • Encryption Standards: Encrypt data during transmission and storage.
  • Incident Response Plans: Prepare a step-by-step protocol for detecting, reporting, and addressing breaches.

4. Train Your Team on Security Best Practices

Even with robust policies in place, human error remains a major risk. Provide ongoing training to employees on:

  • Recognizing phishing scams.
  • Handling sensitive data securely.
  • Following password management best practices.

Action Step: Conduct quarterly security training sessions and mock security drills.

5. Perform Regular Audits and Updates

Regulations and cybersecurity threats evolve rapidly. Periodically review your IRS WISP to:

  • Address new compliance requirements.
  • Identify gaps in current security measures.
  • Integrate the latest cybersecurity technologies.

Pro Tip: Schedule annual reviews or align updates with major compliance deadlines.

Key Roles in Implementing a WISP

  1. Data Security Coordinator (DSC)
    The DSC oversees the development, implementation, and maintenance of the WISP. This includes conducting regular risk assessments, ensuring compliance with data security standards, and coordinating employee training to address potential vulnerabilities.
  2. Public Information Officer (PIO)
    The PIO handles communication about the organization's data security policies, both internally and externally. This role ensures transparency with clients regarding how their sensitive information is protected and addresses any inquiries or incidents involving data breaches.
  3. Personally Identifiable Information (PII)
    The WISP must identify and secure all PII handled by the organization, including sensitive client data managed by PTIN holders, Tax Preparers, and EROs. PII includes Social Security Numbers, financial details, addresses, and other private information critical to tax preparation.

Tools and Resources for WISP Development

  • Cybersecurity Frameworks: Use frameworks like NIST CSF or ISO 27001 as blueprints for your security plan.
  • Agency Resources:
    • IRS: Publication 4557 and IRS e-Services.
    • FTC: Guidance on Safeguards Rule.
    • HIPAA: HHS Cybersecurity Guidance.

Common WISP Mistakes to Avoid

  1. Overlooking Vendor Security: Ensure third-party partners handling your data also comply with IRS, FTC, or HIPAA standards.
  2. Failing to Update Plans: Outdated WISPs can lead to vulnerabilities and non-compliance.
  3. Ignoring Physical Security: Protect workstations, filing systems, and access points.

Checklist for WISP Compliance with Government Agencies

Here’s a quick checklist to ensure your WISP meets key agency requirements:

Requirement

IRS

FTC

HIPAA

Encryption Standards

Access Control Policies

Breach Notification Plan

Employee Training

Regular Audits

Final Thoughts: Start Securing Your Business Today

Creating a Written Information Security Plan (WISP) is essential for protecting sensitive data, complying with government regulations, and preventing costly security breaches. Whether you're managing taxpayer information for the IRS, safeguarding financial records under the FTC's Safeguards Rule, or ensuring patient confidentiality under HIPAA, a comprehensive WISP positions your organization for long-term success.

We know that renewing your PTIN for 2026 isn’t just about checking a box—it’s about protecting your clients, securing your practice, and staying ahead of IRS regulations. With our Premier Written Information Security Plan, you gain a solution that’s effortless, customized, and continuously updated. Don’t settle for generic templates that leave you exposed. Choose a partner that helps you renew with confidence and build trust with every client you serve.

2026> Secure Your 2026 PTIN Renewal Today with Our Premier WISP Solution.

Ready to get started? Begin drafting your WISP today and fortify your business against future risks.


Customize your WISP Template with 50 Agreements, Checklists & Documents Fillable only $29 - Login now!

Contact Us for Written Information Security Plan payment processing

Navigation

Services

Our office

Today Payments Merchant Services
2305 Historic Decatur Road, Suite 100
San Diego, CA 92106
Copyright © Today Payments, Inc. All Rights Reserved.
Written Information Security Plan is a website owned by Today Payments, Inc.
Today Payments, Inc., is an Elavon Payments Partner & Registered Partner/ISO of Elavon, Inc. Georgia, [a wholly owned subsidiary of U.S. Bancorp, Minneapolis, MN]