The PTIN Security Certification is the best way to demonstrate that you have taken measures to protect your clients' data.
The problem with many tech providers is that they are jacks of all trades, masters of none. While many do a good job of providing adequate protection, many lack the expertise and oversight required for an accounting firm to be confident in its compliance.
Having a PTIN Certified Tech Company conduct your audits and compliance makes it easy for an accounting firm to remain compliant and hold accreditation, while knowing that its technology provider is being held accountable at all times.
Show your clients and agencies that you are maintaining compliance with the law. A WISP is required for PTIN renewal each year.
A Certified WISP will contain:
- Attestation of Honesty
- Proof of audit
- Vendors Used
- Policies In Place
- Employee Training
- Disaster Plan & Contacts
*Compliance Cost: $200/year
PTIN Cyber Security Compliance
A PTIN Cyber Security Compliant Tax Professional will need to be able to:
- Provide a Certified Written Information Security Plan
- Provide a receipt showing that they are currently using a PTIN Security Certified IT Firm to administer policies and monitoring
- Demonstrate a comprehensive knowledge of cyber compliance for accounting firms
- Pass an annual exam for renewing certification
- Complete 20 hours of continuing education in the cyber security and accounting field
*Compliance Cost: $999/year
Frameworks that Must Be Followed for Compliance
- IRS “Security Six”
- Publication 4557 – Safeguarding Taxpayer Data
- Publication 1075 – Tax Information Security Guidelines
- Publication 5293 – Protect Your Clients; Protect Yourself
- NISTIR 7621 – Small Business Information Security: The Fundamentals
Frequently Asked Questions By Accountants
There will be periodic random audits (one to four times per year) in which a PTIN Certified IT Firm will need to prove that its clients are maintaining compliance.
The IT Firm will need to be able to provide:
- Proof of a written information security plan (WISP) performed and audited for the accounting firm within the last 365 days
- Proof of active monitoring
- Proof of patch management
- Proof of security policies
What if my accounting firm fails an audit?
Your tech firm will be notified first and given a 30-day period to restore your compliance and accreditation. After 30 days of non-compliance on the part of your administering tech company, you will be notified of non-compliance and given a 60-day period to either have your current firm pass compliance or change tech firms and allow the new firm to provide proof of policies and monitoring.
Upon 90 days of non-compliance, your accreditation will be marked as expired and will need to be recertified.
What if my hired IT firm fails an audit?
The tax professional will be given a 60-day grace period to find a new certified tech provider.
What if I no longer use the provider who made me compliant and replace them with in-house staff or with an IT firm that isn't certified?
You will lose PTIN Security compliance within 90 days of not having a certified IT firm maintaining your compliance, unless you show proof that the new service provider is in the process of becoming a PTIN Security Certified Tech Company.
Frequently Asked Questions By Tech Firms
My client won't let me administer the policies that are required. Can they still pass compliance?
No, they will not be compliant unless they pass all requirements set by the PTIN Security Group.
We no longer manage a client, what happens to their compliance?
If they cannot provide a replacement provider within a 90-day grace period, their compliance will be removed.