WATCH: Expert discussion on the IRS’s WISP template and the importance of a data security plan

Tax pros around the country are beginning to prepare for the 2023 tax season. Whether it be stocking up on office supplies, attending update education events, completing designation CPE or renewing a PTIN, now’s the time to act before things get chaotic. One of the requirements of renewing your preparer tax identification number (PTIN) is to attest to your responsibility to have a data security plan in place to keep your clients’ information safe.

NATP recently hosted a roundtable discussion with Drake Software with industry leaders and tax experts to talk about written information security plans, and the IRS’s recently released template. Panelists include Larry Gray, CPA, and Jared Ballew, who both serve on the Electronic Tax Administration Advisory Committee (ETAAC).

All tax pros can watch this discussion for free and learn how to apply the information to their work. Discussion topics include:

  • What is the Security Summit and its purpose?
  • What is a WISP and what areas should it focus on?
  • What’s the risk of preparers not having a WISP?
  • What are some tools available to tax pros now in advance of the 2023 tax season?

Larry Gray is the government liaison for NATP. He has served on the IRS’s Commissioner’s Advisory Group, ETAAC, IRPAC and IRSAC, and recently testified before the House Ways and Means Committee. 

Jared Ballew is the director of government relations for Drake Software. He is the president of the National Association of Computerized Tax Processors and is the chair of ETAAC and worked on the taxpayer and professional experience subgroup this year.    

Below is a preview of the discussion. To watch the entire video, go to natptax.com/taxestoday.

Video transcript:
Misty Erickson: Good day and welcome to our next session of Taxes Today. We will be covering the Written Information Security Plan, otherwise known as WISP. We have two individuals with us today. Today we have Jared Bellew, who is the director of Government Relations of Drake Software and he is also the president of the National Association of Computerized Tax Processors and is the chair of ETAAC, and the co-chair of the IRS Summit Tax Pros Working Group.
Along with Jared, we have Larry Gray, who is the government liaison for NATP. He has served on the IRS Commissioner’s Advisory Group, ETAAC, IRPAC, and IRSAC and recently testified before the House Ways and Means Committee. Then we also have me and my name is Misty Erickson and I am a tax content specialist with NATP. Today we’re going to start talking about WISP and what you need to know.
First off, I just want to know from Larry and you two can go back and forth as much as you’d like. What is the Security Summit and its purpose?

Larry Gray: Well, the Security Summit was actually, I believe, set up in 2014 by Koskinen, a Commissioner of the IRS. At that point in time, I think it’s focus was actually on what we lack a better term, low hanging fruit. It was the free file area. Then starting in ‘15, they added another group which is Tax Pro subgroup. There’s actually six different groups and I won’t name them all, but there’s a Tax Pro subgroup, there’s a communication subgroup, there’s the authentication subgroup, there’s a banking and finance subgroup.
Each one play a different role in trying to, as outside stakeholders make a difference in the security of the information, both externally, like a tax office and also internally. What I like to do is turn it over, I’m on the Tax Pro subgroup and communication subgroup, so I want to kind of turn it over to my boss co-chair on the Tax Pro subgroup, Jared. Jared, jump in there about our particular group.

Jared Bellew: Thank you Larry, and thank you Misty for having me on. It’s great to be here today. In the Security Summit, we do have a group that is focused on tax professionals. What do tax professionals need to do to make sure that their information and data is secure.
As you know, a lot of the bad actors or cyber criminals like to target tax professionals just simply because of the type of information that you are collecting and the number of files and records that you may have within your practice. Sometimes when you start talking to some of us tech nerds and geeks, we can talk all day about the fine gritty details of security, cybersecurity, and protections. In this security subgroup for tax professionals, it’s where we truly try and bring in our expertise and our experiences from the actual field, from the offices.
We can pair that knowledge of how actual taxes are prepared and that the workflows happen in an office and pair that in with the other side of the other groups that are building the standards and the technology. Together we can bring a more holistic approach to safeguarding data in the tax environment and that’s really what the Tax Pro subgroup is about, is making sure that when we make suggestions and recommendations, when we make changes to security, that it is vetted through an actual real life tax professional in groups and associations.
The subgroup itself is made up of tax software developers. It’s made up of IRS individuals, state tax administrators, and it’s made up of many individuals and tax professional associations, much like NATP and various others. It’s a really broad group. There’s a lot of diversity and opinions coming into how tax administration is done and more importantly, how security and tax administration is handled. That’s kind of an overview of what the Tax Pro subgroup does in the security side.

Misty Erickson: Great, thank you. Just since this has been in the news for a while, and I think one of the big things that came out and I know a lot of NATP members are excited about this, what is an effective list? What should preparers look for because this is a requirement for them if they’re going to have a PTIN. Just explain what they should be doing when they’re setting one up, or what tools are out there.

Tax planning
Taxes Today
Data security
Tax preparation
Tax office
Cybersecurity