For accounting & tax firms
Cybersecurity and compliance, handled.
The FTC and the IRS now require every tax preparer and accounting firm to maintain a written security program. We build it, run it, and update it for you — so you can keep doing what your clients pay you for.
Why this matters now
Three federal requirements. One program meets all of them.
If your firm prepares tax returns, holds a PTIN, or earns fees on financial activity for clients, federal law now treats you as a "financial institution" — and that means a written, maintained security program isn't optional.
FTC Safeguards Rule
$50,120
Maximum civil penalty per violation. The Safeguards Rule applies to every firm engaged in "financial activities" — including tax preparation. Each missing safeguard can count as a separate violation.
16 CFR Part 314 · FTC enforcement authority
IRS Publication 4557
WISP
Every PTIN holder must maintain a Written Information Security Plan. IRS Publication 4557 lays out the requirements; firms without one can be flagged on examination and lose e-file privileges.
IRS Pub 4557 · Safeguarding Taxpayer Data
Form W-12 Certification
Signed
Since 2024, every PTIN application and renewal includes a question certifying — under penalty of perjury — that you maintain a current data security plan. There's no "I'll get to it later" answer.
IRS Form W-12 · PTIN application / renewal
What we do
A complete program — built for firms like yours.
Most cybersecurity vendors sell you tools and leave you to figure out the rest. We're a managed service: the program, the documents, and the day-to-day work are ours. Here's what you actually get.
- Written Information Security Plan (WISP) drafted, signed, and kept current
- Incident response playbook with named roles and contacts
- Risk assessment refreshed annually against IRS Pub 4557
- Annual tabletop exercise (so the plan isn't just paper)
- Microsoft 365 / Google Workspace posture continuously monitored
- Email threat scanning — phishing, BEC, credential theft — with operator review
- Dark web monitoring for firm and client credentials
- Quarterly external attack-surface scans
- Weekly operator-reviewed briefings — what to act on, what to ignore
- Monthly board-ready PDF report — forward it to your partners or insurance broker
- Direct messaging with your operator (no ticket queue)
- Documentation packet ready for cyber insurance renewals
Related firms
Built for the firms regulated alongside you
The FTC Safeguards Rule and GLBA cover the whole financial-services neighborhood. We work with bookkeeping practices, financial advisers, and insurance agencies on the same program — built once, maintained for all of them.
Free, no pressure
See where your firm actually stands.
Book a 60-minute health check. We'll review your Microsoft 365 settings, your dark web exposure, and your existing WISP (if you have one) — and send you a written report within 48 hours. You'll know exactly what's missing, whether you sign with us or not.