Protect Your Practice. Protect Your Clients. Stay Compliant.
WISP & Cybersecurity solutions for tax professionals — offered through APEX Tax Solutions and our sister company, Apex Tech 4 Tax Pros. IRS-compliant. Bilingual. Built specifically for tax offices in Dallas and across the U.S.
This is not optional. IRS Form W-12, Line 11 requires every PTIN holder to certify they have an active WISP at renewal. Falsely certifying compliance is perjury on a federal form. Without a compliant WISP, your PTIN — and your ability to prepare returns — is at risk.
What’s At Stake Without a WISP
- PTIN revoked — cannot prepare returns
- EFIN suspended — cannot e-file
- FTC fines: $50K–$100K per violation
- Civil liability for client data breaches
- Cyber insurance claims denied
- Criminal prosecution for false PTIN attestation
The Real Consequences
No WISP = Real Legal Exposure
Tax professionals are classified as financial institutions under federal law. That means the same data protection standards that apply to banks apply to your tax office — regardless of size.
PTIN Revocation
The IRS tied WISP attestation to PTIN renewal on Form W-12, Line 11. Without a compliant plan, your PTIN renewal is jeopardized — meaning you cannot legally prepare federal tax returns.The IRS tied WISP attestation to PTIN renewal on Form W-12, Line 11. Without a compliant plan, your PTIN renewal is jeopardized — meaning you cannot legally prepare federal tax returns.
Cannot file returns
FTC Fines
The FTC enforces the Gramm-Leach-Bliley Safeguards Rule against tax preparers. Civil penalties reach $50,120 per violation (2025 figure) — with ongoing violations accruing up to $43,792 per day.
Up to $100,000/violation
Civil Liability
If a client’s data is breached and you have no documented WISP, you have no security record to defend yourself in court. Clients can sue under state consumer protection laws — with no documented plan to point to.
Personal civil liability
Cyber Insurance Denied
Most cyber liability carriers will not quote coverage without an active WISP. After a breach, insurers audit your security program before paying claims. No WISP means denied claims — even with a policy.
Claims denied without WISP
Phishing & Data Theft
Tax professionals are prime targets for phishing attacks, EFIN theft, and ransomware. Without training and technical safeguards, a single employee click can expose thousands of clients’ financial data.
4,000+ PTINs lost annually
With APEX + Apex Tech 4 Tax Pros
A compliant, customized WISP. Cybersecurity training. Cloud security tools. All tailored for tax professionals — bilingual support included. Get compliant before your next PTIN renewal.
Full protection, one partner
Why Security & Compliance Matter
Tax professionals manage highly sensitive financial and personal information every day. As cyber threats continue to increase, having proper security procedures and staff training in place is more important than ever.
Our WISP & Cybersecurity Training helps tax businesses understand how to improve data protection practices, reduce security risks, and create a safer environment for both clients and staff.
This training is designed to help tax professionals:
- Improve internal security awareness
- Protect confidential client information
- Reduce exposure to cyber threats
- Strengthen office security procedures
- Build better compliance-focused processes
Mandatory For
Who Is Required to Have a WISP?
If you prepare tax returns for compensation and handle client personal financial information — this applies to you. No exceptions for firm size, seasonal status, or return volume.
Individual Tax Preparers
File 11+ returns? You are required to maintain a WISP under IRS Pub 4557.
Tax Office Owners
Responsible for your entire staff’s compliance — and liable for every return filed under your EFIN.
Service Bureaus
As a service bureau, you manage data for multiple preparers — requiring a WISP that covers your full network.
CPAs & Enrolled Agents
Licensed practitioners are subject to both IRS Pub 4557 and FTC Safeguards Rule requirements.
Bookkeepers
Handling nonpublic personal financial information makes you a covered financial institution under GLBA.
Financial Professionals
Any professional collecting SSNs, income data, or bank account information for compensation is covered.
Administrative Staff
Every team member who touches client data needs security awareness training — not just the preparer.
Remote Tax Teams
Remote workers accessing client data from personal devices face heightened security risks — and the same legal requirements.
Solo Practitioners
Even a solo preparer working from a home office is classified as a financial institution under federal law.
Our Sister Company
Two Companies. One Ecosystem. Complete Protection for Tax Professionals.
APEX Tax Solutions handles your tax software, training, and service bureau needs. Apex Tech 4 Tax Pros — our sister company — handles your cybersecurity, WISP compliance, and IT security. Together, we cover everything a modern tax office needs to operate safely, legally, and efficiently.
APEX Tax Solutions
Tax Software & Training
ProWeb · Desktop Premium · Software Training · Service Bureau Partnership · Bank Products
Apex Tech 4 Tax Pros
WISP & Cybersecurity
Customized WISP · Virtual Desktop · Secure Email · Cybersecurity Training · Cloud Security · Compliance
Available Products & Services
WISP & Cybersecurity Solutions for Tax Pros
All products below are offered through Apex Tech 4 Tax Pros — our sister company — and available to APEX Tax Solutions clients. Contact us or visit apextech4taxpros.com to order.
Seasonal Plan
APEX Virtual PC WISP Seasonal
$649.99
Was $1,000.00
January through April · Perfect for seasonal tax preparers
Seasonal (Jan – Apr)
🎁 WISP Document Included FREE (Value: $500)
- Virtual PC — secure cloud desktop for your tax software
- Secure cloud storage (Secure Drive)
- Secure business email account
- Password manager included
- Multi-Factor Authentication (MFA) setup
- Spam filters and antivirus/anti-phishing protection
- Encrypted data protection
- VPN for secure remote access
- Customized WISP document — FREE with subscription
- IRS Publication 4557 & FTC Safeguards Rule compliant
No hidden fees. No per-return charges. Questions? Call (945) 319-8633
⭐ Best Value — Annual Plan
APEX Virtual PC WISP Yearly
$1,099.99
Was $1,500.00
Full year coverage · Best for year-round tax professionals
Per year (12 months)
🎁 WISP Document Included FREE (Value: $500)
- Virtual PC — secure cloud desktop, year-round access
- Secure cloud storage (Secure Drive) — full year
- Secure business email — full year
- Password manager — full year
- Multi-Factor Authentication (MFA) setup
- Spam filters, antivirus, anti-spyware, anti-phishing
- Firewall protection and VPN for remote access
- Secure file transfer tools
- Encryption for data at rest and in transit
- Customized WISP document — FREE with subscription
- IRS Pub 4557 & FTC Safeguards Rule compliant
- Off-season protection — your data stays secure year-round
No hidden fees. No per-return charges. Questions? Call (945) 319-8633
Customized WISP Documents
IRS Pub 4557 & FTC Safeguards Rule compliant — in English and Spanish
WISP IT System Assessment
Full risk assessment, customized WISP document, incident response plan, employee cybersecurity training, and follow-up maintenance review. Book at apextech4taxpros.com.
Customized WISP Template (English)
A fully customized, professionally written WISP tailored to your firm’s specific processes — aligned with IRS Pub 5708 and FTC guidelines. Downloadable immediately.
Plan de Seguridad (WISP en Español)
Plan de Seguridad de la Información completamente personalizado en español — cumple con la Ley Gramm-Leach-Bliley y las directrices de la FTC y el IRS.
Cloud Services
Secure cloud infrastructure for tax professionals — access your tools safely from anywhere
Virtual Desktop (Virtual PC)
A secure, cloud-based virtual computer for running your tax software. Access from any device — no local installation, no data stored on your personal machine.
Secure Business Email
Professional, encrypted email for your tax office. Send and receive sensitive client documents securely — never rely on personal Gmail or Yahoo for client communications.
Secure Drive (Cloud Storage)
Encrypted cloud storage for client files, tax returns, and office documents — accessible from any device, protected from ransomware and local hardware failure.
Password Manager
Manage strong, unique passwords across all tax software platforms and client portals without the security risk of reusing passwords or storing them in spreadsheets.
Secure Virtual Network
Private, encrypted network access for your entire team — preventing unauthorized access to your systems when working remotely or across multiple office locations.
Secure File Transfer
Share client documents, W-2s, and tax returns through encrypted transfer channels — eliminating the risk of interception when exchanging files with clients and partners.
Cybersecurity Protection Tools
Technical safeguards that protect your office from attacks, breaches, and unauthorized access
Multi-Factor Authentication (MFA)
Required under the FTC Safeguards Rule. MFA adds a second layer of verification so stolen passwords alone cannot access your tax software or client data.
Spam Filters & Email Protection
Block phishing emails, malware attachments, and fraudulent IRS impersonation scams before they reach your inbox — the #1 entry point for tax office data breaches.
Antivirus, Anti-Spyware & Anti-Phishing
Comprehensive endpoint protection for all devices used in your office — detecting and blocking malware, spyware, ransomware, and phishing attacks in real time.
Firewall Protection
Network-level security that monitors and controls incoming and outgoing traffic — preventing unauthorized access to your office systems and client data networks.
Data Encryption
Encrypt client data both in transit and at rest — ensuring that even if data is intercepted, it cannot be read or used by unauthorized parties.
VPN (Virtual Private Network)
Secure, encrypted internet connections for remote preparers and multi-location offices — protecting all data transmitted between your team members and your software.
Web Services
Professional web infrastructure for tax office digital presence and online securit
Web Hosting
Secure, professionally managed web hosting for your tax office website — with uptime reliability and security monitoring included.
Domain Registration
Secure and register a professional domain name for your tax business — with privacy protection to keep your personal information off public records.
SSL Certificates
Encrypt all data transmitted through your website — required for any site that collects client information, and a trust signal that clients and search engines both look for.
Web Analytics
Understand how clients find and use your website — traffic sources, popular pages, and conversion data to help grow your online presence each season.
Understanding WISP
What Is a Written Information Security Plan?
A WISP is not a suggestion — it is a federally mandated cybersecurity document required by law for every tax professional handling client financial data.
A Written Information Security Plan (WISP) is a formal, documented policy that describes how your tax office collects, stores, protects, and disposes of sensitive client information — including Social Security numbers, income records, and bank account details.
Under the Gramm-Leach-Bliley Act (GLBA), tax preparers are classified as financial institutions — subject to the same data protection requirements as banks and credit unions. The FTC Safeguards Rule enforces this requirement, and the IRS reinforces it through Publication 4557, making a WISP mandatory for any tax professional who files 11 or more returns per year.
A compliant WISP must cover: who is responsible for data security, how you identify and manage risks, what technical and physical safeguards are in place, how you train employees, how you vet vendors, and — critically — what you will do when a breach occurs.
Your WISP must address:
- Designated Qualified Individual responsible for your security program
- Risk assessment — identifying how client data could be compromised
- Technical safeguards: MFA, encryption, access controls, firewalls
- Physical safeguards: office security, locked storage, device controls
- Employee security training and awareness program
- Vendor and service provider oversight procedures
- Incident response plan — what to do when a breach occurs
- Annual review and update of the plan
The Legal Framework
- Gramm-Leach-Bliley Act (GLBA)
Classifies tax preparers as financial institutions. Enacted in 1999, enforced through the FTC Safeguards Rule.
- FTC Safeguards Rule (16 CFR Part 314)
Requires all covered financial institutions — including tax preparers — to implement and maintain a written information security program.
- IRS Publication 4557
“Safeguarding Taxpayer Data” — IRS guidance requiring all authorized e-file providers to maintain a WISP with specific technical and administrative safeguards.
- IRS Publication 5708
Provides a sample WISP framework covering nine key areas, specifically designed for small to mid-size tax practices.
- IRS Form W-12, Line 11
PTIN renewal now requires attestation of WISP compliance. False certification is perjury on a federal form — a criminal offense.
Cybersecurity Awareness Training
Train Your Team. Reduce Your Risk.
Human error is the #1 cause of tax office data breaches. One employee clicking a phishing email can compromise thousands of client files. Apex Tech 4 Tax Pros offers a certified training program built for tax office teams.
Cyber Security Awareness Training & Certificate
Online, self-paced cybersecurity awareness training specifically designed for tax office staff. Covers real-world threats facing tax professionals — phishing, ransomware, identity theft, and secure remote work practices. Includes a completion certificate and LinkedIn badge.
- Courses up to 90 minutes — complete at your own pace
- Best practices for remote employees and multi-location teams
- Phishing simulator to test and train your staff in real scenarios
- Automatic email reminders to learners who haven't completed
- Gamification that engages — not boring compliance videos
- Completion certificate + LinkedIn badge for each participant
HIPAA Compliant
PCI Compliant
SOX Compliant
GDPR & CCPA
Cyber Insurance Ready
IRS Pub 4557
🏆 Completion Certificate & LinkedIn Badge Included
🌐 WISP disponible completamente en español
Nuestro plan de seguridad de la información (WISP) está disponible en español — personalizado para su empresa, cumpliendo con la Ley Gramm-Leach-Bliley y los requisitos del IRS y la FTC.
Common Questions
WISP & Cybersecurity FAQs
The most important questions tax professionals ask — answered clearly and directly.
Please reach us at info@apxtax.com if you cannot find an answer.
Yes. The requirement applies to every tax professional who files 11 or more federal returns per year — regardless of firm size, the number of employees, whether you work from home, or whether you are a seasonal preparer. There are no size exemptions. The IRS has made WISP attestation a part of PTIN renewal on Form W-12, Line 11. Falsely certifying compliance is perjury on a federal form and can result in criminal prosecution, PTIN revocation, and FTC enforcement action.
IRS Form W-12, Line 11 asks you to certify that you have a written security plan in place. Without one, your PTIN renewal can be jeopardized — and without an active PTIN, you cannot legally prepare federal tax returns for compensation. Additionally, the FTC can impose fines of up to $50,120 per violation and up to $43,792 per day for ongoing violations. The IRS can also suspend or revoke your EFIN. In the event of a data breach without a documented WISP, you face civil liability with no security record to defend yourself.
A generic template is a starting point — but the IRS and FTC expect your WISP to reflect your firm’s actual security practices, not a generic document. A free template that doesn’t describe your specific systems, staff responsibilities, and security controls is unlikely to satisfy an audit or an incident investigation. Apex Tech 4 Tax Pros provides fully customized WISPs tailored to your specific firm — covering your actual processes, your team structure, and your technology environment. This is what “compliant” actually means.
The Virtual PC is a secure, cloud-hosted computer that you access through your browser or a lightweight app. You run your tax software, store files, and handle all client data on this virtual machine — not on your personal computer. This means your client data is never stored locally on a personal device, is protected even if your computer is lost or stolen, is backed up automatically, and is accessible from any device. It’s one of the most effective security upgrades a tax office can make.
Available Products & Services
WISP & Cybersecurity Solutions for Tax Pros
All products below are offered through Apex Tech 4 Tax Pros — our sister company — and available to APEX Tax Solutions clients. Contact us or visit apextech4taxpros.com to order.
☁️
TaxSlayer ProWeb
Cloud-based tax software — $699/season
- Unlimited 1040 e-filings, all 50 states
- Client portal, e-signatures, mobile app
- Bank product integration — RAL up to $7K
- Multi-user access with role permissions
- APEX bilingual setup & support included
🖥️
Desktop Premium
Corporate tax software — all business entities
- All business returns: 1120, 1065, 1041, 990, 706, 709
- PaperCut document management system
- Digital signature pads + Twilio SMS
- Unlimited 1040 + business e-filings
- APEX bilingual setup & support included
🏢
Sub Service Bureau
Build your own tax software business
- White-label software under your brand
- $5,000–$20,000 bonus commission (250+ bank products)
- Full admin control over your preparer network
- 7+ revenue streams per season
- Minimum 250 funded bank products required
Get Compliant. Stay Protected.
Don’t risk your PTIN, your EFIN, or your clients’ data. APEX Tax Solutions and Apex Tech 4 Tax Pros have everything you need — customized WISP, cybersecurity tools, and bilingual support — to protect your practice and stay compliant with federal law.
WISP & cybersecurity products offered through Apex Tech 4 Tax Pros · 1910 Pacific Ave Suite 2000 #2746, Dallas, TX 75201 · info@at4tp.com