WISP & FTC Safeguards Compliance | LAN Services

A documented Written Information Security Plan, a designated point of contact, and ongoing risk assessments — so you’re audit-ready every day, not just the day before the IRS asks.

Since the FTC Safeguards Rule was updated, every accounting and tax firm handling client financial data is required to have a Written Information Security Plan (WISP), a designated qualified individual to oversee it, and ongoing risk assessments. Most firms don’t. The penalties on a willful violation reach $100,000+ per incident, with daily fines up to $43,000. This service makes that risk go away.

The Problem We Solve

If any of this looks familiar, you’re not alone — but you don’t have to keep living with it.

No documented WISP

If you can’t show one to the IRS, your insurer, or an investigator, you’re exposed. Verbal policies don’t count.

No designated point of contact

FTC Safeguards requires a specific person responsible for security oversight. Most firms don’t have one.

No ongoing risk assessment

Compliance isn’t a one-time document. The rule requires ongoing risk assessments and updates.

No security awareness training program

Your team is the front line. Training is required and most firms have nothing in place.

How We Deliver It

We act as your designated qualified individual under the FTC Safeguards Rule, build and maintain your WISP, run the required ongoing risk assessments, deliver employee training, and document everything you’d need to produce in an audit — for the IRS, your cyber insurer, or your clients.

What’s included

Documented Written Information Security Plan (WISP)
Designated qualified individual (FTC Safeguards point of contact)
Initial and annual risk assessments
Information system inventory and data flow mapping
Access controls and authentication policy
Encryption-at-rest and in-transit standards
Vendor and service provider risk management
Incident response plan and testing
Employee security awareness training (with completion tracking)
Annual training refresh and phishing simulations
Audit-ready documentation portal
Ongoing program oversight and policy updates

What Changes for You

IRS-ready, insurer-friendly

When your insurer or the IRS asks for documentation, you produce it in minutes — not weeks.

Penalty exposure cut to near zero

Following a documented program is the single biggest factor regulators look at.

Client trust as a sales asset

Many of your clients (and their auditors) are starting to ask. Being able to say “yes, here’s our WISP” is a closer.

$100K+

Average penalty for a willful FTC Safeguards violation, plus up to $43,000/day. A single weekend of exposure can erase a year of profit.

Frequently Asked

Is the WISP a template, or built for my firm?

Built for your firm. Templates fail audits. We use a proven structure but customize the controls and procedures to match how your firm actually operates.

How long does initial setup take?

Most firms are at “audit-ready” inside 30 days. Risk assessment and inventory are usually done in week one; WISP and policies in week two; training and procedural rollout finish in weeks three and four.

Do you cover IRS Pub 4557 as well?

Yes. The FTC Safeguards Rule and IRS Publication 4557 overlap heavily — our WISP covers both.

What if I already have a WISP?

Send it to us. We’ll review it against the current rules and tell you honestly where the gaps are — even if you don’t hire us.

See What’s Actually at Risk in Your Firm

The Free IT Risk Analysis tells you exactly where you stand on this and every other piece of your IT — and what it would take to close the gaps. No obligation.
