The WISP your firm is required to have, started

A free Word template for the written information security plan that the FTC Safeguards Rule and IRS Pub 4557 expect, with bracketed fields you fill in for your firm.

A free Word WISP template for accounting and tax firms, aligned to the FTC Safeguards Rule and IRS Pub 4557. Document your safeguards with bracketed fields.

FTC & IRS
aligned to Safeguards and Pub 4557
Bracketed fields
fill in your firm in an afternoon
$0
free, no strings, yours to keep

What you'll get

A practical, ready-to-use resource you fill in with your own numbers and keep. No expiring trial, no strings.

WISP Template for Accounting & Tax Firms
editable Word template, yours to keep
Preview

What the WISP template does

If you prepare taxes or keep clients’ financial records, the FTC Safeguards Rule expects you to have a written information security plan, and IRS Pub 4557 points the same direction. Plenty of firms learn this from a renewal questionnaire or a letter, and then face a blank page with no idea what a WISP is supposed to contain.

This template is that page, already structured. You fill in the bracketed fields for your firm, your data, and the safeguards you have in place, and you end up with a documented plan that maps to what the rule asks for. The harder work is making the safeguards real, but having the plan written down is where compliance starts.

Fillable, not theoretical

Bracketed placeholders for your firm, your data, and your safeguards. Fill them in and you have a documented plan, not a stack of generic advice.

The safeguards underwriters expect

Access control, MFA, encryption, endpoint protection, backups, vendor oversight, training, and incident response, each written as a plain section you complete.

A named qualified individual

A section to designate the person who owns your security program, which the Safeguards Rule specifically asks every firm to name.

Built to be reviewed, not filed

Includes a monitoring, testing, and annual review log, so your WISP stays a living document instead of a one-time PDF nobody opens again.

What is inside the template

  • A section to designate your qualified individual, the person who owns the program
  • A data inventory and risk assessment, so you know what you hold and where the risk is
  • Safeguards sections for access control, MFA, encryption, endpoint protection, backups, vendor oversight, training, and incident response
  • A monitoring and testing section to keep the safeguards honest
  • An incident response and breach notification section
  • An annual review log so the plan stays current

A written plan is the start, not the finish

A WISP only protects clients if the safeguards behind it are actually in place and maintained. Use the template to document your plan and find your gaps. If you want help turning the written safeguards into working controls, we are happy to help.

Not sure whether the rule even applies to you?

Before you fill anything in, it helps to confirm you are on the hook. Our article on what a WISP is and whether your firm needs one walks through the FTC Safeguards Rule in plain English, and our compliance hub covers it alongside the other rules small firms face.

How it works

1

Tell us where to send it

Fill in the short form. Just enough so we know who we're helping and can tailor any follow-up, only if you want it.

2

Check your inbox

We email your copy right away, and the download is yours to keep. No expiring trial, no login.

3

Put it to work

Use it on your own, or ask us for a second set of eyes. No pressure either way.

We do not sell your information

You get the file and an email copy for later. That is it. No third-party sharing, ever.

Real local humans built this

Vicinity is a genuinely local IT provider with people in Alaska and Hawaii who support accounting and tax firms.

A working tool, not legal advice

The template helps you document and organize. It is a starting point, not a substitute for counsel or a compliance professional.