Under federal law, your firm is a financial institution — which means a written security program isn’t optional, and the IRS asks whether you have one every time you renew. Briggs IT helps Texas accounting firms understand what’s required and build the documented program that satisfies both.
Under the Gramm-Leach-Bliley Act, a CPA or accounting practice that handles customer financial information is defined as a “financial institution” — which puts your firm squarely under the FTC Safeguards Rule. Most practitioners have no idea this applies to them, right up until the moment it matters: a PTIN renewal question they can’t answer truthfully, a breach, or an inquiry from a regulator. By then, the time to have a program was already behind them.
The IRS adds its own layer. At PTIN renewal, the W-12 form now asks directly whether you maintain a Written Information Security Plan — and IRS Publication 4557 spells out what that plan has to contain. The FTC Safeguards Rule lays out its own set of administrative, technical, and physical safeguards. These two overlap heavily, but they aren’t identical. The good news: one well-built written program can satisfy both at once — and that’s exactly what Briggs IT helps your firm put in place.
A program that satisfies both the IRS and the FTC is a set of pieces working together — and the written evidence that each one exists. For most accounting firms, that looks like things such as:
This isn’t a checklist you complete once and file away. It’s a program you maintain, update, and re-evidence every year — because that’s what both the IRS and the FTC actually expect.
For an accounting firm, timing isn’t a small detail — it’s everything. A security gap that’s an inconvenience in your slow months is a five-alarm fire at the peak of filing season, when a huge share of your year runs through a short window and there’s no slack to absorb a breach or a system failure. That’s exactly why the off-season is the right time to get your program in order: the pressure is low, the calendar is open, and the work gets done properly instead of in a panic.
Working with Briggs IT, the rhythm is built around your year, not against it. We do the heavy lifting — the risk assessment, the written program, the staff training, the documentation — in the quieter months, so that when filing season hits, the compliance side is already handled and you can give your attention to clients. The goal is simple: walk into your busy season knowing the program is built, current, and ready, with nothing hanging over it.