{"id":5836,"date":"2026-01-29T05:45:48","date_gmt":"2026-01-29T05:45:48","guid":{"rendered":"https:\/\/www.acobloom.com\/us\/?p=5836"},"modified":"2026-04-09T11:39:33","modified_gmt":"2026-04-09T11:39:33","slug":"irs-tax-preparer-security-requirements","status":"publish","type":"post","link":"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/","title":{"rendered":"IRS Tax Preparer Security Requirements: What Firms Must Comply With\u00a0"},"content":{"rendered":"\n<p>CPA firms that have access to confidential client data are responsible for how this data is stored, processed, and disseminated. Given the sensitivity of this information, tax preparers are expected by the IRS to follow specific and strict tax preparer security requirements. These firms must adhere to these standards and ensure compliance at all times.<\/p>\n\n\n\n<p>These requirements, established under the Gramm-Leach-Bliley Act (GLBA) and enforced by the IRS, apply to all CPA firms.<\/p>\n\n\n\n<p>Failure to comply with IRS tax preparer security requirements can result in fines of up to $100,000 per violation. In addition to financial penalties, firms may face legal consequences and significant reputational damage following a data breach. Once a data leak is identified, government regulators often increase investigations and audits. Perhaps most damaging is the loss of client trust.<\/p>\n\n\n\n<p>To avoid fines and maintain the integrity and confidence of their clients, CPA firms must strictly follow IRS security rules.<\/p>\n\n\n\n<p>This blog serves as a guide for CPA firms on the security requirements expected by the IRS.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_50 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\" role=\"button\"><label for=\"item-69f407ca3f11d\" aria-hidden=\"true\"><span style=\"display: flex;align-items: center;width: 35px;height: 30px;justify-content: center;direction:ltr;\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/label><input  type=\"checkbox\" id=\"item-69f407ca3f11d\"><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#IRS_security_requirements_for_tax_preparers\" title=\"IRS security requirements&nbsp;for tax preparers&nbsp;&nbsp;\">IRS security requirements&nbsp;for tax preparers&nbsp;&nbsp;<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#A_Written_Information_Security_Plan_WISP\" title=\"A Written Information Security Plan (WISP)&nbsp;\">A Written Information Security Plan (WISP)&nbsp;<\/a><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Governance\" title=\"Governance&nbsp;\">Governance&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Risk_assessment\" title=\"Risk assessment&nbsp;\">Risk assessment&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Access_controls_authentication%E2%80%AF\" title=\"Access controls &amp; authentication\u202f&nbsp;\">Access controls &amp; authentication\u202f&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Encryption_and_protection_of_data_in_transit_and_at_rest\" title=\"Encryption and protection of data in transit and at rest&nbsp;\">Encryption and protection of data in transit and at rest&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Employee_training_and_background_checks\" title=\"Employee training and background checks&nbsp;\">Employee training and background checks&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Incident_response_and_breach_notification_procedures\" title=\"Incident response and breach notification procedures&nbsp;\">Incident response and breach notification procedures&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Data_retention_and_secure_disposal_policies\" title=\"Data retention and secure disposal policies&nbsp;\">Data retention and secure disposal policies&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Vendor_management_and_due_diligence%E2%80%AF\" title=\"Vendor management and due diligence\u202f&nbsp;\">Vendor management and due diligence\u202f&nbsp;<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Security_Six\" title=\"Security Six&nbsp;\">Security Six&nbsp;<\/a><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Antivirus_Software\" title=\"Antivirus Software&nbsp;\">Antivirus Software&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Firewalls_that_are_properly_set_up%E2%80%AF\" title=\"Firewalls that are properly set up\u202f&nbsp;\">Firewalls that are properly set up\u202f&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Multi-Factor_Authentication_MFA\" title=\"Multi-Factor Authentication (MFA)&nbsp;\">Multi-Factor Authentication (MFA)&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Secure_backups_of_data%E2%80%AF\" title=\"Secure backups of data\u202f&nbsp;\">Secure backups of data\u202f&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Encryption_of_data_for_stored_and_transmitted_data%E2%80%AF\" title=\"Encryption of data for stored and transmitted data\u202f&nbsp;\">Encryption of data for stored and transmitted data\u202f&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Virtual_Private_Network_VPN\" title=\"Virtual Private Network (VPN)&nbsp;\">Virtual Private Network (VPN)&nbsp;<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-tax-preparer-security-requirements\/#Conclusion\" title=\"Conclusion&nbsp;\">Conclusion&nbsp;<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IRS_security_requirements_for_tax_preparers\"><\/span>IRS security requirements&nbsp;for tax preparers&nbsp;&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>According to IRS mandates, there are two major&nbsp;<strong>IRS tax preparer security requirements<\/strong>&nbsp;that CPA firms must follow.&nbsp;Both of these&nbsp;security standards were recently developed by the IRS and cover data security practices CPA firms are&nbsp;obligated&nbsp;to implement.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"A_Written_Information_Security_Plan_WISP\"><\/span>A Written Information Security Plan (WISP)&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A <a href=\"https:\/\/www.acobloom.com\/us\/blog\/wisp-compliance-and-managing-client-data-protocols\/\" target=\"_blank\" rel=\"noreferrer noopener\">Written Information Security Plan (WISP)<\/a> is an official, documented program that outlines a CPA firm\u2019s methods for protecting sensitive information, especially client data, through a combination of administrative, technical, and physical controls. It&nbsp;essentially serves&nbsp;as a roadmap for a CPA firm\u2019s data protection efforts, ensuring compliance with<strong>&nbsp;IRS tax&nbsp;preparer&nbsp;security requirements<\/strong>, FTC, and state regulations.&nbsp;<\/p>\n\n\n\n<p>One&nbsp;important point: a WISP&nbsp;isn\u2019t&nbsp;just a check-the-box, single-document requirement;&nbsp;it\u2019s&nbsp;a living template that must evolve. As the CPA firm\u2019s systems, staff, and technology change, so should its WISP. Regular reviews, testing, and updates are essential to keep it current against emerging threats and aligned with evolving data security standards.\u202f&nbsp;<\/p>\n\n\n\n<p>To gain a deeper understanding of the&nbsp;<strong>IRS tax preparer security requirements<\/strong>&nbsp;and guides&nbsp;on addressing data breaches, read&nbsp;<a href=\"https:\/\/www.acobloom.com\/us\/blog\/the-complete-irs-data-security-guideline-update-for-2025\/\" target=\"_blank\" rel=\"noreferrer noopener\">The Complete IRS Data Security Guideline Update for 2025<\/a><\/p>\n\n\n\n<p>A well-developed WISP for a CPA firm typically includes these key elements:&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Governance\"><\/span>Governance&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>WISP\u2019s governance clearly&nbsp;states&nbsp;which individuals&nbsp;are responsible for&nbsp;the WISP\u2019s implementation and oversight. Those&nbsp;designated&nbsp;with these responsibilities include an individual called the \u201cinformation security officer, who manages the WISP program, enforces WISP policy, and makes recommendations based on the organization\u2019s strategy related to information security. This allows for consistency across all areas of decision-making and allows the organization to consider security initiatives to be a top priority.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Risk_assessment\"><\/span>Risk assessment&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A risk assessment is a process to&nbsp;identify, evaluate, and prioritize the various threats and vulnerabilities that may pose a risk to the systems and data of an organization. It enables an organization to&nbsp;identify&nbsp;and assess its potential exposure to various forms of risk such as data breaches, ransomware attacks, and the inadvertent loss of data due to human error. Through the analysis of the results from a risk assessment, an organization can manage its resources more effectively and develop&nbsp;appropriate strategies&nbsp;to reduce the potential severity of the highest risk areas within its organization.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Access_controls_authentication%E2%80%AF\"><\/span>Access controls &amp; authentication\u202f&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Access controls limit access to certain systems and data to only those with permission. Access Controls can be implemented using techniques such as least privilege (which only allows access needed to do the job), multi-factor authentication (MFA), and strong password requirements to create\u00a0additional\u00a0layers of defense against unauthorized access. All Access Controls limit the impact that a compromised account will have and keep sensitive information safe from being misused.\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Encryption_and_protection_of_data_in_transit_and_at_rest\"><\/span>Encryption and protection of data in transit and at rest&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Encryption, which employs technical control,&nbsp;renders&nbsp;data unintelligible unless the recipient&nbsp;possesses&nbsp;the&nbsp;appropriate decryption&nbsp;key. In addition to securing information while traveling through the network (transit), encryption also protects data from being read or interpreted while it is stored on computers or other storage devices (rest). Encryption serves as an essential safety measure against either the interception of electronic communications or the destruction of a computer system.&nbsp;As long as&nbsp;the key is not compromised, data is protected from unauthorized access to its contents.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Employee_training_and_background_checks\"><\/span>Employee training and background checks&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Human error is a leading reason for significant security threats through human beings; thus, it is essential that all staff members of a company be trained in how to develop and&nbsp;maintain&nbsp;an environment of security consciousness. Staff members must also be made aware of what their roles are in the protection of the company\u2019s assets. To&nbsp;assist&nbsp;in this effort, background&nbsp;investigations will conduct background checks prior to hiring potential employees. By coupling employee training with background checks, businesses will significantly reduce the likelihood of accidental mistakes and intentional acts of sabotage against them committed by irresponsible and uninformed employees.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Incident_response_and_breach_notification_procedures\"><\/span>Incident response and breach notification procedures&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A security incident response plan is a document that outlines the specific actions an entity must take to respond effectively to a security breach or cyberattack. Pre-defining the necessary processes for detecting,&nbsp;containing,&nbsp;eliminating&nbsp;and&nbsp;recovering from&nbsp;security breaches reduces the amount of loss and delay caused by the incident. The incident response plan will also include processes the business must follow to&nbsp;comply with&nbsp;government and regulatory requirements for&nbsp;timely&nbsp;notice of breaches to affected parties and the&nbsp;appropriate authorities.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Data_retention_and_secure_disposal_policies\"><\/span>Data retention and secure disposal policies&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Through the establishment of retention requirements for various data types, policies also specify what types of secure destruction methods can be&nbsp;utilized&nbsp;to&nbsp;eliminate&nbsp;data that&nbsp;is no longer needed (e.g.,&nbsp;physical shredding or data wiping). In addition, by reducing the amount of sensitive data the organization&nbsp;retains&nbsp;and securely disposing of that data, the overall Data Footprint of the organization will decrease, thus lowering the organization\u2019s Risk Profile and liability due to&nbsp;data&nbsp;breaches.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Vendor_management_and_due_diligence%E2%80%AF\"><\/span>Vendor management and due diligence\u202f&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Many businesses use outside vendors that require access to the company&#8217;s systems or data. Management (Vendor Management) of vendors consists of conducting due diligence on the vendor (vetting) to make certain the vendor has&nbsp;appropriate security&nbsp;controls in place. This due diligence helps to manage the risk associated with the vendor supply chain. Vendor Management also ensures&nbsp;that&nbsp;an organization does not create new risks by forming partnerships with third-party vendors.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.acobloom.com\/us\/contact-us\/?utm_medium=orgnc&amp;utm_source=blog&amp;utm_campaign=us&amp;utm_content=consulting&amp;utm_term=in-content-cta-blog-banner\" target=\"_blank\" rel=\" noreferrer noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"367\" src=\"https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-1024x367.jpg\" alt=\"Outsourcing Revenue Cycle Management\" class=\"wp-image-2783\" srcset=\"https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-1024x367.jpg 1024w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-300x108.jpg 300w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-768x276.jpg 768w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-1536x551.jpg 1536w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA.jpg 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Security_Six\"><\/span>Security Six&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The IRS&#8217;s \u201cSecurity Six\u201d encompasses six critical cybersecurity measures that CPA firms must implement to safeguard against data breaches and cyberattacks.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Antivirus_Software\"><\/span>Antivirus Software&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>To protect yourself against potential exposure to sensitive information and malicious software,&nbsp;maintain&nbsp;an active, regularly updated antivirus program that incorporates IRS-recommended Security Six practices. By regularly updating your antivirus software, you can ensure it scans for, detects, and removes malware (malicious software), providing better protection for your systems. Additionally, keeping antivirus systems updated is essential to support overall cyber hygiene and&nbsp;comply with&nbsp;cybersecurity&nbsp;policy&nbsp;best practices.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Firewalls_that_are_properly_set_up%E2%80%AF\"><\/span>Firewalls that are properly set up\u202f&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The best way to improve security in compliance with <a href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/\" target=\"_blank\" rel=\"noreferrer noopener\">IRS requirements<\/a> is to install both hardware and software&nbsp;firewall&nbsp;products.&nbsp;A firewall&nbsp;(network appliance) will serve as an effective barrier against unwanted internet traffic and help prevent attacks on the network or systems connected to the internet. To further protect sensitive information and&nbsp;maintain&nbsp;the integrity of an organization\u2019s online presence, it is recommended that the&nbsp;firewall&nbsp;be part of a multi-layered defense strategy.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Multi-Factor_Authentication_MFA\"><\/span>Multi-Factor Authentication (MFA)&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The importance of having a Multi-Factor Authentication (MFA) mechanism in place for all accounts cannot be overstated, as it enhances the security of taxpayer data. MFA involves the use of two-factor or multi-factor authentication, which provides&nbsp;additional&nbsp;verification of the user&#8217;s identity by requiring multiple forms of identification.&nbsp;MFA also provides additional protection against unauthorized access.&nbsp;Proper implementation of MFA will also help ensure compliance with regulations concerning the protection of sensitive data.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Secure_backups_of_data%E2%80%AF\"><\/span>Secure backups of data\u202f&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Backing up your data&nbsp;frequently&nbsp;is an important part of protecting your organization&#8217;s cybersecurity and following the IRS Security Six. Having three copies of your data (in at least two formats) with one copy kept off-site, according to the 3-2-1 backup standard, will help keep your organization\u2019s data available and protected in the event of hardware failure, cyberattacks, or other events that prevent you from accessing or using it.&nbsp;&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Encryption_of_data_for_stored_and_transmitted_data%E2%80%AF\"><\/span>Encryption of data for stored and transmitted data\u202f&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Data Encryption is a method that encrypts data on an organization&#8217;s&nbsp;computer&nbsp;hard disks to protect data at rest. Drive Encryption is one of the six elements of the IRS Security Six and is an essential building block for protecting an organization&#8217;s data from unauthorized access, enabling recovery of lost or stolen devices while preserving the confidentiality and integrity of sensitive data.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-size:16px\"><span class=\"ez-toc-section\" id=\"Virtual_Private_Network_VPN\"><\/span>Virtual Private Network (VPN)&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>To protect sensitive information and provide an added layer of security against unauthorized access, Virtual Private Networks (VPNs) are used to connect users remotely to networks that require protection from unauthorized entry. The IRS Security Six&#8217;s focus on strong security practices can be complemented by a VPN. The use of a VPN creates and&nbsp;maintains&nbsp;encrypted, protected data transmissions; therefore, it provides an added layer of security. Furthermore, by using a VPN while connected to a protected network, organizations can&nbsp;comply with&nbsp;federal law and protect taxpayer information when conducting remote business activities.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The&nbsp;<strong>IRS security requirements for tax preparers<\/strong>&nbsp;are&nbsp;changing the way CPA firms protect their clients&#8217; personal data through implementing strong data protection measures, but beyond just meeting compliance, CPA firms need to&nbsp;demonstrate&nbsp;that protecting client information is an important way to&nbsp;establish&nbsp;confidence with current and potential clients.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Data protection should&nbsp;continue to be seen by CPA firms as a commitment to their clients.&nbsp;The&nbsp;obligation&nbsp;is&nbsp;to implement strong security policies and procedures, create a culture of security awareness, develop strategies for dealing with incidents quickly, and create means of supporting clients&nbsp;in the event of&nbsp;a breach. If CPA firms implement these steps now, they will be able to help ensure compliance with the&nbsp;<strong>IRS security requirements for tax preparers<\/strong>&nbsp;and minimize the risk of future data breaches or data loss.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CPA firms that have access to confidential client data are responsible for how this data is stored, processed, and disseminated. Given the sensitivity of this information, tax preparers are expected by the IRS to follow specific and strict tax preparer security requirements. These firms must adhere to these standards and ensure compliance at all times. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5846,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42],"tags":[106,105],"class_list":["post-5836","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tax","tag-irs-compliance-for-tax-firms","tag-irs-tax-preparer-security-requirements"],"_links":{"self":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts\/5836","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/comments?post=5836"}],"version-history":[{"count":13,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts\/5836\/revisions"}],"predecessor-version":[{"id":6230,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts\/5836\/revisions\/6230"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/media\/5846"}],"wp:attachment":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/media?parent=5836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/categories?post=5836"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/tags?post=5836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}