It is no secret that data security is critical to any business. Dealing with a data breach, ransomware and other information security issues can be time-consuming, expensive and demoralizing.
When the Gramm-Leach-Bliley Act was passed in the last century, Congress codified that financial institutions are required to protect customer data.
The FTC—in its implementation of the Act—issued the Safeguards Rule to outline requirements that must be in place in order to keep customer data safe. This includes implementing a Written Information Security Plan (WISP).
You probably are aware of this, but just in case you are not, tax and accounting firms are considered “Financial Institutions” under the Act.
It gets better for the small firm ... wait for it ... a WISP is required regardless of size. Since you are the trusted advisor to your clients, you may be interested to know that the Safeguards Rule also applies to mortgage brokers, real estate appraisers, universities, nonbank lenders and check cashing businesses.
So, what’s included, and how do you go about developing and implementing a WISP for your firm or your clients?
As a part of the plan, the FTC requires each firm to:
- Designate one or more employees to coordinate its information security program
- Identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate the effectiveness of the current safeguards for controlling these risks
- Design and implement a safeguards program, and regularly monitor and test it
- Select service providers that can maintain appropriate safeguards by ensuring your contract requires them to maintain safeguards and oversee their handling of customer information
- Evaluate and adjust the program considering relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring

So where do you start? The Security Summit group—a public-private partnership between the IRS, states and the nation’s tax industry—has developed a sample document that allows tax and accounting professionals to quickly set their focus on developing their own written security plans. The “Creating a Written Information Security Plan for Your Tax and Accounting Practice” document is comprehensive and designed for you, the tax and accounting professional.
You can review the document online, search IRS.gov or simply download it HERE.