Required Digital Security Plan - anyone willing to share?

[BulldogTom]

We all have to have this written digital security plan in place this year as a requirement for our PTINs.   Does anyone have a template version they would be willing to share?   I keep thinking I can do this myself but now I am not so sure.   What are the rest of you doing?

Tom
Modesto, CA

[Margaret CPA in OH]

I use the form from AICPA slightly modified for my practice as a sole practitioner. I believe it largely mimics the one from IRS in Pub 4557.  It's hard as so much really doesn't seem to apply to the likes of me with a home office and no employees.  But my IT guy builds my system and internet protection (don't use wifi for the business computer) and works for several other small to medium sized local accounting and tax firms.  I also carry the additional network protection insurance through AICPA and have covered all their requirements.

Retirement looks better every single year!

[jklcpa]

4 hours ago, BulldogTom said:

Does anyone have a template version they would be willing to share?

This document was referenced on the the Tax Book forum as an excellent resource, published by the National Institute of Standards and Technology (NIST) of the U.S. Dept of Commerce and is available at https://doi.org/10.6028/NIST.IR.7621r1  as a 54-page pdf with a sample template in the appendix.

I usually don't share things from Drake, but this appears in my google search and appears to not be copyrighted. It is a template available to anyone searching the internet, and this link will launch a 20-page pdf directly from Drake's knowledge base: https://kb.drakesoftware.com/Attachment330.aspx .

Both of the links above will launch the pdfs directly, but if you are hesitant to click the links but are comfortable enough if I upload the pdfs here I can do that. Please know that I've clicked both links tonight on both my main desktop and my tablet, neither of which set off alarm bells with any of the three AV software products on either device.

 

[Possi]

Gee, I wonder when the IRS might impose this upon themselves. 

The 12th of Never. 

No kidding, retirement is looking better and better. 

[Jim Oh Bkkr]

I liked @Margaret CPA in OH's for the retirement comment, but @Possi made me laugh out loud.

[Abby Normal]

I used Kofax (formerly Nuance) to make the Drake form fillable. Unfortunately it skipped some areas and one page entirely, so I had to create some fields by hand, and they look a little rougher than the fields created automatically.

When enter the business name on page 1, it will link to all the other business name fields on the Acceptable Use Policy page. You might have to abbreviate the name for it to fit and be readable on the Acceptable Use Policy page.

Let me know if you find any bugs or changes you'd like to see.

Enjoy!

 

 

Tax Office Cyber Security Plan-Fillable.pdf

[Abby Normal]

Better version

 

Tax Office Cyber Security Plan-Fillable.pdf

[jklcpa]

You could also just use the typewriter function within Adobe Acrobat too.

[Lion EA]

I've looked at Pub 4557, a security plan from BrassTax.com, one from Drake, and others. For my SMLLC home office with no employees but with a professional IT person who specializes in tax preparer and lawyer offices, I found the Pub 4557 Safeguarding Taxpayer Data's "Use the Safeguards Rule Checklist" of four pages (14-17 out of 21 pages) as a good starting point. However, I have not done anything else besides checking off the appropriate boxes in that checklist -- and having an IT pro on retainer and following his instructions.  

 

[David W Ristau CPA]

Thank you all for your thoughts.

AbbyNormal, thank you for making plan a fillable form.

Very helpful and relatively easy to complete.