Written Information Security Plan (WISP) Template — editable Microsoft Word
A professionally structured, editable Written Information Security Plan (WISP) in Microsoft Word (.docx). Replace the amber [placeholders] with your organization's details and you're audit-ready in minutes — no consultant fees. It ships inside the ComplianceDocs toolkit below, aligned to FTC Safeguards Rule + IRS Pub 4557 (WISP).
Why a documented Written Information Security Plan (WISP) matters
The FTC Safeguards Rule (16 CFR Part 314), referenced by IRS Publication 4557, requires tax and accounting firms to keep a written information security program.
What you get in the Written Information Security Plan (WISP)
As a plan, it lays out what your organization will do, who does it and in what order, before you need it.
- A pre-written, professionally structured document in editable Microsoft Word (.docx).
- Amber [bracketed placeholders] for every organization-specific detail — name, role titles, systems, dates and thresholds.
- Plain, audit-ready language your team and your auditor can both follow.
- A single-organization license, with the same document supporting your work across FTC Safeguards Rule + IRS Pub 4557 (WISP).
How to use this template
- Get the toolkit below that fits your framework — the Written Information Security Plan (WISP) is included.
- Open the .docx in Microsoft Word, Google Docs or LibreOffice.
- Use Find & Replace to swap every amber [placeholder] for your organization's details.
- Review the content so it matches how you actually operate, and adjust what doesn't fit.
- Have the document owner approve it, share it with your team, and set a review date.
Get the Written Information Security Plan (WISP) in this toolkit
WISP Toolkit for Tax Professionals
Complete Written Information Security Plan package for tax preparers, CPAs and accounting firms — FTC Safeguards Rule (16 CFR 314) crosswalk, IRS Pub 4557-aligned policies, risk assessment workbook, training logs and incident response — everything Pub 5708 doesn't operationalize.
Inside the WISP Toolkit for Tax Professionals, the Written Information Security Plan (WISP) works alongside 8 other editable documents — including Client Records Retention and Disposal Policy, Data Incident Response Plan and Office Data Security Policy.
New to the framework? Read our FTC Safeguards Rule + IRS Pub 4557 (WISP) guide.
Written Information Security Plan (WISP) template — FAQ
- What format is the Written Information Security Plan (WISP) template?
- It is a fully editable Microsoft Word (.docx) file. It also opens cleanly in Google Docs and LibreOffice, so you can work in whatever your team already uses.
- Do I have to write the Written Information Security Plan (WISP) from scratch?
- No. It is pre-written and professionally structured — replace the amber [bracketed placeholders] with your organization's details and confirm it reflects how you actually operate, usually in well under an hour with Find & Replace.
- Does buying the Written Information Security Plan (WISP) template make my organization compliant or certified?
- No single document does that. Meeting the FTC Safeguards Rule depends on implementing and maintaining the security program, not just adopting the written plan. The template gives you the audit-ready documentation auditors expect, so the remaining work is operating the controls it describes.