832-304-1850

Texas Compliance and Cybersecurity for Tax Preparation Practices

If you hold a preparer number, federal law already treats your practice as a financial institution — and the IRS asks whether you have a written security plan every time you renew. Briggs IT helps Texas tax practices understand what’s required and build the documented program that satisfies both, with systems steady enough to carry you through your busiest weeks.

You’re a financial institution —

even if no one ever told you

Under the Gramm-Leach-Bliley Act, a tax preparation practice that handles customer financial information is defined as a “financial institution,” which places it under the FTC Safeguards Rule. Most preparers never learn this until the moment it counts: the renewal question they can’t answer truthfully, a breach, or an inquiry from a regulator. The obligation has been there the whole time — quietly — whether or not anyone pointed it out.

The IRS makes it explicit. When you renew your Preparer Tax Identification Number (PTIN), the W-12 form asks directly whether you maintain a Written Information Security Plan — and IRS Publication 4557 describes what that plan must contain. Answering that question is not a formality; a false answer is a serious federal matter. One well-built written program answers both the IRS and the FTC at once, and that’s exactly what Briggs IT helps your practice put in place — before the question is in front of you, not after.

What a tax preparation practice

actually needs

A program that satisfies both the IRS and the FTC is a set of pieces working together — plus the written proof that each one exists. For most tax practices, that looks like things such as:
This isn’t something you do once and forget. It’s a program you maintain, update, and re-evidence every year — with the proof attached, ready for the day the IRS or the FTC asks to see it.

For a tax practice,

staying online isn’t optional

A system failure in your slow season is a bad day. The same failure at the height of filing season is something else entirely — because so much of your year runs through such a narrow window that there’s no room to recover. A breach or an outage that you’d shrug off in the off-season can put the whole year’s revenue at risk if it lands at the wrong moment. For a tax practice, availability isn’t just a cybersecurity concern. It’s a stay-in-business concern.

That’s why working with Briggs IT is built around keeping you running. Tested backups, fast recovery if something goes wrong, and monitoring that catches trouble early — so the program protects not just your compliance, but your ability to keep working when it matters most. And if something does happen at the worst possible time, the person on the phone is the one who knows your systems — not an offshore queue reading from a script.

The two things every practice

says first

“We use tax software that handles security.”

Your tax software vendor secures their own platform — not your practice. The workstations your team uses, the email you exchange with clients, the cloud storage holding working papers, the machines where returns are prepared and reviewed: all of that is your responsibility, not the software provider’s. The FTC Safeguards Rule applies to your practice, not to the software you log into. The platform is one piece. The program around it is yours.

“We’re too small.”

Being small doesn’t put you outside these rules. The FTC Safeguards Rule’s lighter-touch provisions only reach the very smallest practices — and that’s measured by total customer records, which includes the records belonging to your clients’ clients. Most small practices cross that line without realizing it. And no matter where a practice lands on that question, the IRS’s written-plan requirement applies to every preparer who holds a PTIN. Small doesn’t make this go away.

See where your firm stands

The Compliance Readiness Review is a working session built for tax practices. We walk through where your practice sits against the FTC Safeguards Rule, IRS Publication 4557, and sound security practice. Afterward, once we’ve worked through what we found, you get a written gap report in plain English — what’s in place, what’s missing, and what to fix first. No sales pressure. The report is yours to keep, whether or not you ever hire Briggs IT. The quiet stretch before your next busy season is the ideal time to take it.