DIY WISP System
Complete your Written Information Security Plan with the guided DIY System. This tier gives you the WISP, logs, checklists, worksheets, and completion order needed to produce a stronger, more defensible self-completed package.
Completion layer
Guided self-completion package
The DIY tier adds the supporting logs, worksheets, and completion order that turn the WISP from a shell into a more defensible finished package.
Included documents
Why this matters
A WISP is not just one document. It is the policy, the supporting records, the review rhythm, and the evidence that the firm can actually follow what it wrote down.
What this kit helps you document
What's included in the DIY WISP System
Start Here Guide
A simple walkthrough showing the order to complete the documents and how the pieces fit together.
What's Included Overview
A quick reference page explaining each document in the kit.
Core WISP Template
The main fillable Written Information Security Plan document for your firm.
Risk Assessment Worksheet
A practical worksheet to identify risks around devices, accounts, vendors, storage, software, remote access, and taxpayer data.
Safeguards Checklist
A structured checklist for administrative, technical, and physical safeguards.
Employee Access Log
A record of who has access to taxpayer information, systems, files, and firm tools.
Service Provider Log
A vendor record for software providers, cloud storage, tax software, payment processors, IT vendors, and other service providers.
Incident Log
A record for suspected or confirmed security incidents, response actions, and follow-up notes.
Annual Review Log
A simple record of WISP review dates, updates, responsible person, and follow-up items.
Guided completion order
Core WISP Template
Fill in your firm's details, objectives, and scope
Risk Assessment Worksheet
Identify and evaluate security risks
Safeguards Checklist
Document administrative, technical, and physical controls
Employee Access Log
List personnel and their access levels
Service Provider Log
Record vendors with access to protected information
Incident Log
Document any suspected or confirmed security incidents
Annual Review Log
Schedule and document periodic reviews
Why choose the DIY System instead of the Template?
The Template gives you the document itself.
The DIY System gives you the document plus the supporting materials that make the WISP easier to complete and maintain: risk assessment worksheet, safeguards checklist, employee access log, service provider log, incident log, annual review log, and guided completion order.
Best for
- Firms that want to complete the WISP correctly with structure
- Practices that need logs, checklists, and a risk worksheet
- Buyers who want more than a document shell but do not need SOPs or a completed package
Not for
- ✕Firms that want operational procedures included
- ✕Buyers who want the package completed for them
- ✕Practices that want a final sign-and-done deliverable
Before you buy
The DIY WISP System is a guided self-completion product. It helps your firm complete the WISP correctly, but it does not include operational procedures or a completed package prepared for you. You are responsible for editing the documents so they match your firm's actual tools, devices, software, vendors, access controls, and security practices. It is not legal advice, cybersecurity consulting, or a guarantee of IRS, FTC, or state compliance.
Complete your WISP with the guided self-completion system. Your Template purchase can be credited toward this tier. Your DIY purchase can be credited toward the Premium System, which adds SOPs.
Delivered as a downloadable system with logs, worksheets, and a 30-day review period.