Hello E.A.’s and Tax Preparation Pros.  This is the first installment of What you didn’t know you should know about securing your practice to meet IRS and NIST guidelines.

Let’s first review some of the documents both agencies have released to guide us in meeting their guidelines.

First is the IRS publication p4465a.  This short, 4 page PDF  highlights basic information about protecting and disclosing confidential federal tax information, laws that apply to information protected by the Privacy Act, and civilian and criminal penalties for unauthorized access and disclosures.

Next up is the 185 page IRS publication p4812.  This is the big document that tells us what to protect and how it needs to be protected.  It is all about Contractor (that is the preparer) Security & Privacy Controls.

The NIST Computer Security Resource Center has released SP 800-53 Controls and SP 800-53B Control Baselines Resources for Implementers.  Basically, this page provides us with a usable Risk Management Framework to build security measures and actions around.

SP 800-53 Rev. 5, updated December 10^th, 2020, is a 492 page document detailing the statutory responsibilities under the Federal Information Security Modernization Act (FISMA).

In these resources are A LOT of technology related jargon, exceptions, expectations, and processes.  Most of the guidelines actually make sense, when they are broken down and presented simply.

As IT services provider, we help implement these guidelines to tax preparation firms to meet compliance requirements and to protect their client data.   Everything in this series of blog posts will be based upon the above information or information found linked to the above.   If you have any questions, please feel free to contact us via our contact form on this website.