Please have ready:
- Completed WISP (with personal client information redacted) and receipt of payment
- SOP demonstrating the policies you currently have in place or plan to have in place
- Proof of at least two years of five or more tax professional endpoints under management
- For IT Firms: List of vendors used in standard security stack
Publication 5293 – Data Security Resource Guide for Tax Professionals
Publication 1345 – Handbook for Authorized IRS e-file Providers of Individual Income Tax Returns
Publication 3189 – Standards for Safeguarding Customer Information
Publication 4557 – Safeguarding Taxpayer Data Quick Reference Guide for Business
Publication 4810 – E-file Application and Participation
- IRS Security Six Checklist
- Remote Monitoring & Management Tool(s)
- Patch Management (Windows & 3rd Party)
- Server Policies
- Active Directory Policies
- Standard Group Policies
- National Institute of Standards and Technology (NIST) Cybersecurity Framework
- Federal Trade Commission (FTC) Safeguards Rule
- International Organization for Standardization (ISO) 27001
- Payment Card Industry Data Security Standard (PCI DSS)
- Center for Internet Security (CIS) Controls
- Cloud Security Alliance (CSA) Security Guidance for Critical Areas of Focus in Cloud Computing
- Information Technology Infrastructure Library (ITIL) Cyber Resilience Best Practices
- Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Cyber Essentials
- National Cyber Security Centre (NCSC) Cyber Security Guidance for Small Business
- Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Framework Implementation Guidance
- European Union Agency for Cybersecurity (ENISA) Cybersecurity Guides
- Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool
- SANS Institute Security Awareness Training Framework
- National Security Agency (NSA) Cybersecurity Advisory Guidance
- The Open Web Application Security Project (OWASP) Top Ten
- Internet Engineering Task Force (IETF) Security Guidelines and Best Practices
- The Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
- The U.S. Computer Emergency Readiness Team (US-CERT) Cybersecurity Advisories
- Information Security Forum (ISF) Standard of Good Practice for Information Security