For Tax Professionals – PTIN Security Certification

For Tax
Professionals

The PTIN Security Certification is the best way to demonstrate that you have taken protective measures to protect your client’s data.

The Problem

The problem with many tech providers is that they are jack of all trades, master of none. While many do a good job at providing adequate protection, many lack the expertise and oversight that is required for an accounting firm to be confident in their compliance.

Having a PTIN Certified Tech Company conducting your audits and compliance makes it easy for an accounting firm to remain compliant and hold accreditation while knowing that their technology provider is being held accountable at all times.

TAX PROFESSIONAL

WISP Certification

Show your clients and agencies that you are maintaining compliance within the laws. A WISP is required for PTIN renewal each year.

A Certified WISP will contain:

Attestation of Honesty
Proof of audit
Vendors Used
Policies In Place
Employee Training
Disaster Plan & Contacts

*Compliance Cost: $200/ Year

TAX PROFESSIONAL

PTIN Cyber Security Compliance

A PTIN Cyber Security Compliant Tax Professional will need to be able to:

Provide a Certified Written Information Security Plan
Provide an receipt that they are currently using a PTIN Security Certified IT Firm to administer policies and monitoring.
Demonstrate a comprehensive knowledge of cyber compliance for accounting firms
Pass an annual exam for renewing certification
Complete 20 hours of continuing education in the cyber security and accounting field

*Compliance Cost: $999/ Year

Frameworks that Must Be Followed for Compliance

IRS “Security Six”
Publication 4557 – Safeguarding Taxpayer Data
Publication 1075 – Tax Information Security Guidelines
Publication 5293 – Protect Your Clients; Protect Yourself
NISTIR 7621- Small Business Information Security: the Fundamentals

Frequently Asked Questions By Accountants

Audits

There will be periodic random audits (one to four times per year) where an PTIN Certified IT Firm will need to prove that it’s client’s are maintaining compliance.

The IT Firm will need to be able to provide:

Proof of written information security plan (WISP) performed and audited within the last 365 days for the accounting firm.
Proof of active monitoring.
Proof of patch management
Proof of security policies

What if my accounting firm fails an audit?

Your tech firm will be notified first and given a 30 day period to maintain your compliance and accreditation. After 30 days of non-compliance from your administering tech company, you will be notified of non-compliance and given a 60 day period to either get your current firm to pass compliance or change tech firms, allow them to provide proof of policies and monitoring to pass.

Upon 90 days of non-compliance, your accreditation will be marked as expired and need to be recertified.

What if my hired IT firm fails an audit?

The tax professional will be given a 60 day grace period to find a new certified tech provider.

What if I no longer use my current provider who made me compliant and replace in-house or with a IT firm that isn’t certified?

You will lose PTIN Security compliance within 90 days of not having a certified IT firm maintaining your compliance, or show proof that the new service provider is in the process of becoming a PTIN Security Certified Tech Company.