Stop worrying about IRS compliance. We handle it all.
WISP development, security implementation, continuous monitoring, and ongoing compliance management in one package. Everything the IRS and FTC require, implemented and maintained by cybersecurity professionals.
What's Included
Everything you need. Nothing you don't.
Our compliance package covers every requirement from IRS Publication 4557 and the FTC Safeguards Rule, plus the security infrastructure to back it up.
Custom WISP Development
A Written Information Security Plan tailored to your practice size, software stack, and workflow. Not a template fill-in-the-blank. Our security analysts interview your team and build a WISP that accurately reflects how your firm operates.
Risk Assessment and Gap Analysis
A thorough assessment of your current security posture against IRS Publication 4557, FTC Safeguards Rule, and NIST guidelines. You receive a prioritized report showing exactly where you are compliant and where you have gaps.
Security Controls Implementation
We do not just tell you what to fix. We fix it. Our team implements endpoint protection, email security, multi-factor authentication, encryption, firewall configuration, and access controls across your practice.
Employee Security Training
Annual security awareness training for your entire staff, including phishing simulations, social engineering awareness, and role-specific training for employees who handle taxpayer data.
Continuous Monitoring and Alerting
Real-time monitoring of your network, endpoints, and cloud systems for threats. Our automated security platform monitors your environment and our team responds to alerts so you do not have to.
Incident Response Planning and Support
A documented incident response plan with your team's roles and responsibilities, plus access to our incident response team if a breach occurs. We handle containment, investigation, and IRS notification on your behalf.
Annual Penetration Testing
Professional penetration testing conducted by certified ethical hackers. Includes network, application, and social engineering testing with a detailed findings report and remediation guidance.
Ongoing Compliance Management
Quarterly access reviews, semi-annual vulnerability assessments, annual WISP updates, and QI reporting. We maintain your compliance documentation continuously so it is always audit-ready.
Pricing
Choose the right level for your practice
Every tier includes IRS-compliant WISP development and core security controls. Scale up as your practice grows.
Starter
For solo practitioners and small practices with up to 3 staff members who need foundational compliance.
- Custom WISP development and annual updates
- Initial risk assessment with written report
- Multi-factor authentication setup across all systems
- Endpoint protection for up to 5 devices
- Email security and phishing protection
- Annual security awareness training (recorded)
- Annual vulnerability assessment
- Compliance documentation portal access
- Email support with 24-hour response time
- Not included: Continuous automated monitoring
- Not included: Annual penetration testing
- Not included: Incident response team access
- Not included: Quarterly access reviews
- Not included: Dedicated account manager
Professional
For established tax firms with 4-15 staff members who need comprehensive compliance with active monitoring.
- Everything in Starter, plus:
- Continuous monitoring and alerting
- Annual penetration testing by certified team
- Incident response plan and team access
- Quarterly access reviews and documentation
- Semi-annual vulnerability assessments
- Live security awareness training (annual)
- Monthly phishing simulations
- Endpoint protection for up to 20 devices
- Network firewall management
- Dedicated account manager
- Phone support with 4-hour response time
- Not included: On-site security assessments
- Not included: Custom integrations with practice management software
Enterprise
For multi-location firms and tax practices with 15+ staff members who require full-service security and compliance.
- Everything in Professional, plus:
- On-site security assessments (annual)
- Custom integrations with your practice management software
- Unlimited device endpoint protection
- Advanced threat hunting and forensics
- Vendor and third-party risk management
- Board-level compliance reporting
- Custom employee training programs
- Priority incident response (1-hour SLA)
- Quarterly business reviews with security metrics
- Dedicated security engineer
- Multi-location network management
All prices billed monthly. Annual prepayment available at 15% discount. No long-term contract required.
Compare Plans
Detailed feature comparison
| Feature | Starter | Professional | Enterprise |
|---|---|---|---|
| Custom WISP development | Included | Included | Included |
| Risk assessment | Annual | Annual | Semi-annual |
| Vulnerability assessments | Annual | Semi-annual | Quarterly |
| Penetration testing | — | Annual | Semi-annual |
| Endpoint protection | Up to 5 | Up to 20 | Unlimited |
| Continuous automated monitoring | — | Included | Included |
| Incident response team | — | Included | Included |
| Security awareness training | Recorded | Live | Custom |
| Phishing simulations | — | Monthly | Monthly |
| Access reviews | Annual | Quarterly | Quarterly |
| MFA setup and management | Included | Included | Included |
| Email security | Included | Included | Included |
| Firewall management | — | Included | Included |
| Vendor risk management | — | — | Included |
| On-site assessments | — | — | Annual |
| Dedicated account manager | — | Included | Included |
| Support response time | 24 hours | 4 hours | 1 hour |
FAQ
Frequently asked questions
Do I really need all of this as a solo practitioner?
If you have a PTIN and prepare tax returns, the IRS requires you to have a Written Information Security Plan, implement security controls, and conduct annual reviews. The FTC Safeguards Rule adds requirements for risk assessments, encryption, and multi-factor authentication. Our Starter tier covers the essentials at a price point designed for solo practitioners. The cost of non-compliance, both in fines and reputational damage, far exceeds the investment in proper security.
What is a Qualified Individual and do I need one?
The FTC Safeguards Rule requires every covered financial institution, including tax preparers, to designate a Qualified Individual (QI) to oversee their information security program. The QI does not have to be an employee. With our Professional and Enterprise tiers, our team serves as your outsourced QI, handling all reporting and oversight requirements.
How is this different from just buying antivirus software?
Antivirus is one small piece of a compliance program. The IRS and FTC require a written security plan, risk assessments, access controls, encryption, employee training, incident response planning, and ongoing monitoring. Our package addresses all of these requirements comprehensively. Antivirus alone does not satisfy any single regulatory requirement.
What happens if I have a data breach?
With our Professional and Enterprise tiers, our incident response team activates immediately. We contain the breach, preserve evidence, conduct a forensic investigation, and handle mandatory notifications to the IRS (Form 14039), FTC, state attorneys general, and affected taxpayers. We also manage post-incident remediation and documentation. Starter tier clients receive guidance and documentation support.
Can I switch tiers as my practice grows?
Yes. You can upgrade at any time. When you move from Starter to Professional, we add continuous monitoring and penetration testing to your existing program without any disruption. Your WISP, training records, and compliance documentation carry over seamlessly.
How long does the initial setup take?
Starter tier clients are typically fully operational within 2 weeks. Professional tier takes 3-4 weeks due to the additional monitoring and infrastructure setup. Enterprise engagements typically require 4-6 weeks for the initial implementation, including on-site assessments and custom integrations.
Is there a contract or can I cancel anytime?
We offer month-to-month billing with no long-term contract required. However, we recommend committing to at least 12 months to complete a full compliance cycle including annual penetration testing and risk reassessment. Annual prepayment is available at a 15% discount.
Your clients trust you with their data. Trust us with your security.
Schedule a free 30-minute consultation. We will review your current compliance status and recommend the right package for your practice. No obligation, no pressure.
