The FTC Safeguards Rule requires accounting firms to implement nine specific security elements:
· Designate a Qualified Individual to oversee your information security program
· Create and maintain a Written Information Security Plan (WISP)
· Conduct periodic risk assessments
· Design and implement safeguards to control risks
· Regularly monitor and test safeguards
· Provide security training to staff
· Oversee service providers and vendors
· Maintain an incident response plan
· Report to senior leadership annually
Most small and mid-sized accounting firms don’t have qualified IT staff to handle these requirements independently, which is why many work with managed service providers who specialize in compliance for accounting firms.