Written Information Security Plan (WISP)
🧾 What Is a WISP?
It’s our written commitment to data security.
A Written Information Security Plan (WISP) is a formal document that explains how we protect your information — physically, electronically, and procedurally. It's part of our IRS compliance and professional commitment to your safety and peace of mind.
🔍 What Information We Collect
We only collect what we need to serve you properly. We collect the following client information for tax preparation and financial services:
- Full name, address, phone number, and email
- Social Security Number (SSN) or Employer Identification Number (EIN)
- Bank account numbers and tax-related documents
- Any other information you provide to help us serve your financial needs
We do not sell or rent your information under any circumstances.
🔐 How We Protect Your Information
We take a layered approach to data security. Our safeguards include:
1. Physical Security
- Locked file cabinets
- Restricted office access
- Secure disposal of documents (e.g., shredding)
2. Electronic Security
- Password-protected systems
- Encrypted email and secure client portal
- Antivirus software, firewalls, and two-factor authentication (2FA)
3. Employee Training
- Annual cybersecurity training
- Phishing and fraud awareness
- Confidentiality protocols for all staff
👥 Access Controls
Only authorized personnel can access your data.
We strictly control access to your information. Only team members with a business need have permission to view or handle sensitive client data. We also revoke access immediately when someone leaves our team.
🔄 Third-Party Vendors
We only work with secure, vetted partners.
We occasionally use trusted service providers (e.g., IT support, secure hosting platforms). These providers are carefully vetted and required to sign confidentiality agreements and follow strong data security protocols.
🚨 What Happens If There’s a Breach?
We act fast, fix the issue, and notify you. In the rare event of a data breach:
- We contain the threat and secure the systems immediately
- We assess the situation and determine what was compromised
- We notify the IRS, law enforcement (if necessary), and affected clients
- We take corrective action and update our security protocols
You can learn more on our Data Breach Response Plan page.
🧾 Annual Review & Policy Updates
We review our plan every year.
Our WISP is reviewed and updated annually — or sooner if there are changes in technology, team structure, or laws. Any changes are documented and implemented through staff training and updated policies.
🗂 Learn More About Our Commitment to Your Privacy
We want you to feel confident about how your information is being handled. For more details, visit:
- 📃 Privacy Notice – Learn how we collect, use, and share your data
- 🚨 Data Breach Response – See how we respond to incidents
- ❓ Privacy & Security FAQs – Get answers to common client questions
💬 Questions?
We’re happy to answer your questions or help you understand our security practices. Contact us at your convenience. Your information is our responsibility — and we take it seriously.
