PTIN security requirements explained
Every tax preparer with a PTIN must meet specific cybersecurity requirements. Here's exactly what you need and how to document it.
Security Checklist
What the IRS requires from PTIN holders
Based on IRS Publication 4557 and the FTC Safeguards Rule, these are the mandatory security requirements for all tax preparers.
Written Information Security Plan
All tax return preparers with a PTIN are required to maintain a written data security plan per IRS Publication 4557.
Employee Background Checks
Verify the identity and suitability of employees who handle taxpayer information.
Annual Security Training
All staff must receive annual training on recognizing and preventing security threats.
Incident Response Plan
Document procedures for detecting, responding to, and recovering from data breaches.
Data Encryption
Encrypt taxpayer data at rest and in transit using industry-standard protocols.
Multi-Factor Authentication
Enable MFA on all systems that access, store, or transmit taxpayer data.
Step by Step
Your path to PTIN compliance
Review Requirements
Understand IRS Publication 4557 and FTC Safeguards Rule obligations.
Assess Current State
Evaluate your existing security measures against requirements.
Create Your WISP
Document your security plan using our compliant templates.
Implement Controls
Deploy required security measures and train your team.
Monitor & Review
Conduct annual reviews and update your documentation.
