What are the Elements of an IRS Data Security Plan?

Author: Deborah Erlanger

Guest Author asked 1 year ago

1 Answer

Deborah Erlanger answered 1 year ago
Data thefts at tax professionals’ offices are on the rise. A data security plan for tax preparers is now a necessity, whether for a partner in a large firm or a sole practitioner. The IRS now requires that every tax practitioner compile a data security plan. The details of this requirement are outlined in IRS Publication 4557.

IRS data security plans should include the following components:

  • Design, implement and monitor a safeguards program;
  • Designate an employee or employees to manage the information security program;
  • Identify and assess the risk to protected customer data and evaluate the effectiveness of current safeguards;
  • Evaluate and adjust the safeguards program based on relevant circumstances; and
  • Select appropriate service providers.

What are the elements of an IRS data security plan?

Refer to the IRS Publication 4557 questionnaire for more details.

Roles and Responsibilities

A “leader” who oversees the information security function must be appointed by the organization, and his or her precise duties and responsibilities must then be documented clearly. This role could be filled by a staff member or a third-party consultant.

Risk Management

The data security plan must consider the cyber risks the organization is exposed to and take steps to address those risks. Malware, ransomware, and accidental data leaks are the most common threats faced by accountants and tax preparers.

Policies and Procedures

The Plan requires the organization to develop written information security policies (WISP). On the IRS website, you can reference the IRS data security plan template, which has all of these policies pre-written.

Data Protection Safeguards

The data protection plan should outline the tools that will be implemented to protect data. Obvious examples are firewalls, IDSs or IPSs, and security awareness training for personnel.

Security Awareness Training

The plan should address how the organization will train employees and contractors on safe computer use. Many data leaks and breaches are caused by human error, such as employees mistakenly clicking on email links that automatically download harmful files. This can largely be prevented with training and education.

Response and Recovery

The plan should address how the organization will respond to a cyber incident.
