
What is a Data Security Plan: 3 Steps to Create Yours Today

July 10, 2022

Creating a Data Security Plan for your accounting firm is an essential step to safeguarding your business documents and sensitive client information. In the U.S., creating a written Data Security Plan is required of all tax professionals and should include several key elements to remain in compliance with federal regulations. 

This post covers the basics of Data Security Plan requirements, plus the three steps you should take to create yours today. 

What is a Data Security Plan?

A Data Security Plan is a part of the IRS’s Taxes-Security-Together Checklist, which was created in partnership with the Security Summit. 

A data security plan must be unique for each accounting firm to address specific information such as the size of the accounting firm, the types of activities it performs, and the nature of client information it collects. 

There are several internal control requirements each data security plan must address, including:

  • Installing business-grade anti-malware software on all equipment.
  • Updating software and hardware routinely.
  • Creating a strong password management program with robust security measures.
  • Encrypting all sensitive files with strong password protection measures.
  • Backing up data to secure off-site locations. We recommend Cloud-based backup and storage. 
  • Reviewing direct deposit and other return information before any e-filing.
  • Monitoring the destruction of old hard drives and other equipment containing sensitive client data. 
  • Limiting sensitive document access to a need-to-know basis. 
  • Deactivating unused EFINs.
  • Monitoring PTIN accounts to total returns filed using EFINs or PTINs.
  • Removing any outdated authorizations for non-clients. 

For more information on each of the listed internal controls, check out the IRS’s Safeguarding Taxpayer Data Guide.

The IRS recommends that accountants and other tax professionals work with experienced cybersecurity professionals to ensure compliance with these and other security requirements. 

As cybersecurity and IT management professionals, we’re outlining the three steps you need to take to ensure your compliance with the IRS Data Security Plan requirements and that you’re appropriately safeguarding sensitive business and client information.

Step One: Secure Your Network

The first step in creating a written Data Security Plan is determining the method by which your accounting firm will secure its network. It’s easier than ever for hackers to infiltrate your network and access sensitive client information. 

You need a robust network security plan in place to tackle several of the IRS’s internal control requirements, including:

  • Installing anti-virus software to protect your network from malicious attempts. 
  • Encrypting all files and setting up a robust password management program. 
  • Updating systems and software when prompted, preferably at a time when there is no risk of disrupting regular business hours. 
  • Maintaining a consistent backup plan to ensure your network data is protected and accessible in the event of a breach or other disaster. 

Step Two: Move to Cloud-based Storage

The IRS requires every tax professional to store sensitive data on an off-site server not directly connected to your existing network. 

Our recommendation for our clients is to back up their business and client information on a Cloud-based storage solution. Once you’ve moved all files to a Cloud-based storage option, it’s imperative to maintain a consistent backup routine. 

This type of storage model provides scalable space to keep all your documents and files organized and secured with proper encryption – another IRS internal control requirement. 

Cloud-based storage offers an added layer of protection for sensitive client information and maintains your compliance with the IRS Data Security Plan requirements. 

Step Three: Hire an IT Management Solution

It’s more important now than ever to have an experienced cybersecurity team on your side. From ensuring compliance with regulatory agencies to protecting the hard-fought trust you have with your clients, a managed IT solutions firm like ABL Computers gives you peace of mind. 

We know you didn’t get into the financial services industry because you love complying with regulations. You got into this business to help people lead stress-free financial lives. And a managed IT solutions team gets you working on the projects that actually matter to you and your clients. 

Hiring ABL Computers means partnering with an experienced cybersecurity and IT team that recognizes your unique business model and tailors your security packages to fit your firm’s size and budget. 

Check out our Small Business Guide to Managed IT Services for more information on how we can help protect you from looming security risks. 

We can help write your Data Security Plan and ensure your sensitive business and client files are secured. Contact us today to get started. 

 
