
A new data-security requirement landed mid-season. His answer was already written — the WISP, the access reviews, the evidence. He read the one-page summary between returns and didn’t stop working.
The paperwork was ready before anyone asked. That’s the job.
CPA firm IT · FTC Safeguards Rule · IRS Publication 4557 · WISP · cyber insurance readiness · secure file exchange · Connecticut
We already know where it hurts
How the visit usually startsLine 11 on the W-12 — acknowledging a required WISP under penalty of perjury. A cyber-insurance renewal landing mid-season. Or a client asking, politely, how exactly their data is protected.
A season that can’t pause for downtime
In March, an hour offline isn’t an inconvenience — it’s returns that don’t get filed and clients who notice.
Compliance that keeps moving
The FTC Safeguards Rule and IRS Publication 4557 expect a written plan, real controls, and evidence — not good intentions.
Wire fraud aimed straight at you
Your firm moves money and sensitive data. That makes your inbox a target the other 49 weeks too.
The work behind the quiet
- —A written information security plan (WISP) aligned to FTC Safeguards and IRS Pub 4557
- —Least privilege and periodic access reviews
- —Hardened Microsoft 365 with email security and managed detection
- —Secure file exchange so client documents don’t live in email
- —After-hours maintenance with rollback — never during the crunch
- ✓Fewer interruptions when it matters most
- ✓Approvals before changes, evidence on request
- ✓Bills match the plan you approved
