Z1 Z1 Networks

For CPA, accounting & tax firms

IRS Publication 4557 is not optional — and neither is protecting client data

Z1 Networks builds the written information security plan (WISP) that IRS Publication 4557 requires and runs the security program behind it — MFA, encryption, data-loss protection, and year-round monitoring — for CPA, accounting, and tax firms across the Tri-Valley.

Get My Free Gap Analysis

“We don't have anything written down”

IRS Publication 4557 and the FTC Safeguards Rule both require a written information security plan — and your PTIN renewal now asks you to attest that you have one. Most firms have good intentions and no document. Good intentions don't survive an IRS inquiry.

“Tax season is our highest-risk period and our lowest-bandwidth one”

Temporary staff, remote access, deadline pressure, and a phishing spike timed to hit when nobody has a minute to think. Attackers plan around your calendar. Your security has to be set up before February, not managed during it.

“A breach means telling the IRS”

A client data breach triggers IRS notification, state attorney general notification, and a letter to every client whose Social Security number you hold — and it can put your PTIN and e-file privileges at risk. That's a firm-ending sequence, and it's preventable.

What your firm gets

A real, written WISP

The plan Pub 4557 requires — built for how your firm actually works, kept current as staff and software change, ready to show the IRS or your insurer on request.

The controls behind the plan

MFA on every account, encryption on every device, and protection that stops client tax data from leaving your systems. A plan without controls is a confession.

Tax-season hardening

Seasonal staff added and removed properly, remote access locked down, and wire-fraud checks on the requests that spike every spring.

Year-round management

Security is a 12-month obligation — attackers know you hold SSNs and bank records in July too. We run it continuously so tax season stays about your clients.

A WISP isn’t a binder you buy once — it’s a living document that has to match how your firm actually operates. Z1 keeps the plan and the reality in sync: when you add seasonal preparers, change tax software, or open remote access, the plan updates and the evidence trail follows.

For the compliance-literate: what's underneath

IRS Publication 4557 / FTC Safeguards Rule (GLBA):
Written information security plan with a designated coordinator, risk assessment, and safeguards testing — the full Safeguards Rule element set, documented.
Identity & access:
MFA with Conditional Access on every account; device compliance enforced through Intune before anything touches client data.
Data protection:
DLP policies for financial data types (SSNs, bank records, returns) and encryption at rest and in transit; backups with 1-year retention.
People layer:
Security awareness training with phishing simulation, tracked per user — evidence for both the WISP and your insurance application.
60
documented security procedures
Same-day
on-site support, Tri-Valley wide
Local
based in Pleasanton, not a call center
SentinelOne MSSP Partner Microsoft Solutions Partner Cisco Meraki Select Partner

Local to the Tri-Valley

Based in Pleasanton, we work with accounting and tax firms across the Tri-Valley — most are within a 20-minute drive. Same-day on-site during the weeks that matter most, and year-round management the rest of the time.

Pleasanton · Dublin · Livermore · San Ramon · Danville

Common questions

What is a WISP, and does the IRS actually require one?

A WISP is a written information security plan — a document describing how your firm protects client data, who is responsible, and what happens in an incident. Yes, it's required: IRS Publication 4557 and the FTC Safeguards Rule both mandate it for tax preparers, and your PTIN renewal asks you to attest that you have one. An unwritten plan doesn't count.

Can we just do this during tax season?

No — the requirement is year-round, and so is the risk. Attackers know CPA firms hold Social Security numbers, bank accounts, and returns in July just like in March. A plan that only exists during filing season isn't a plan, and the IRS treats it that way. We manage it continuously so the busy months need nothing extra from you.

What actually happens if client tax data is breached?

You notify the IRS, your state attorney general, and every affected client — and depending on the circumstances, your PTIN and e-file privileges can be at risk. For most firms the client-trust damage outlasts the regulatory process. The point of the gap analysis is to find the openings that lead there before someone else does.

We already have antivirus and a firewall. Why isn't that enough?

Because the requirement isn't "have some security tools" — it's a documented program: a written plan, a designated coordinator, MFA, encryption, staff training, and monitoring, with evidence that each piece exists. A firm can own good tools and still be non-compliant on paper, which is exactly how most firms fail an inquiry or an insurance claim review.

What does this cost for a firm like ours?

Flat monthly pricing per user, so it's predictable through the year. Where you land depends on firm size and how much compliance documentation you need — which is exactly what the free gap analysis scopes. You'll leave it knowing what you need, what you already have, and what closing the difference costs.

Find out where your firm stands

We'll check your firm against the Pub 4557 checklist and your insurance application, then walk you through the gaps in plain English.

Get My Free Gap Analysis

30-minute findings presentation. No obligation.