Written Information Security Plans

Overview

This course provides a comprehensive overview of Written Information Security Plans (WISP), focusing on their purpose, requirements, and implementation. Starting with the 2024 PTIN renewal season, all PTIN holders must certify they have a WISP and have trained employees, staff, and contractors as necessary. Participants will explore the history and legal foundation of WISP under the Gramm-Leach-Bliley Act, and how compliance is enforced through Circular 230, AICPA Statements of Standards, and Federal Trade Commission (FTC) regulations. Attendees will gain practical guidance on writing an effective WISP and ensuring compliance with due diligence standards for data security.

Objectives

• Explain the Gramm-Leach-Bliley Act and its requirements for data security
• Review compliance requirements under Circular 230 related to WISP and data security
• Identify AICPA Statements of Standards applicable to WISP
• Understand the essential components of a WISP and how to draft one
• Recognize the role of employee and contractor training in maintaining data security compliance
• Discuss how FTC regulations impact WISP implementation and enforcement
• Evaluate due diligence practices for ensuring WISP compliance
• Develop strategies for monitoring and updating a WISP to meet evolving standards

 

Highlights

• Introduction to the Gramm-Leach-Bliley Act and its impact on data security
• Circular 230 compliance and due diligence for practitioners
• AICPA Statements of Standards relevant to WISP requirements
• Key components of a Written Information Security Plan
• Training requirements for employees, staff, and contractors
• Practical guidance for drafting and implementing a WISP
• FTC enforcement of data security standards for PTIN holders
• Best practices for maintaining and updating WISP compliance