andrew-fraley/wisp-development-pipeline
wisp-development-pipeline

Description: This is a workflow pipeline I created for implementing IRS Written Information Security Plans (WISP) for relevant organizations requiring this for compliance with FTC and IRS standards. It is modeled after real world WISP engagements I have developed for actual US-based accounting firms. My security audits and frameworks are based on NIST standards.

WISP Development Pipeline

WISP Overview:

What: This is a WISP development pipeline that I use in my consulting firm to create a custom Written Information Security Plan for clients (specifically small US-based accounting firms).

Who: The WISP is for any financial institution or organization that handles sensitive client data and is required to have a security plan in place to meet compliance requirements. Additionally, it is for any organization that wants to build a strong information security posture to protect the data it handles.

Why: The importance of the WISP goes beyond compliance with regulatory standards; it is essential for maintaining uninterrupted business operations, client trust and organizational reputation.

NOTE: This is a snippet of my process; it does not include all of the deliverable templates and guides I use to create the final products for clients.

The Problem

  • Many small firms lack real security programs and may lack comprehensive understanding of what is needed for compliance and adequate data security practices.

  • FTC or IRS resources, guidelines and templates do not show the full picture of how to develop and implement a security plan.

  • Many financial service industries are becoming technological fields, with many non-technical people being pushed into more and more technology-based processes. A strong bridge between these two worlds is necessary to mitigate information security risks.

  • The cost of professional implementation and guidance can be very high, especially with some of the bigger corporate consulting firms.

The Solution - My Pipeline

  • The problem this project aims to solve is the lack of a systematic approach to developing a compliant IRS WISP that is custom tailored for smaller accounting and financial firms.

  • I have developed this workflow pipeline based on my experience developing real-world financial/tax firm WISPs. It is meant to streamline my process and structure a solid approach to ongoing consulting and security projects, better aligning my clients' practices with the relevant regulatory standards.

The Pipeline:

  1. Intake and Initial Consultation - Establish the organization's current security posture
  2. Security Audit - Audit current organizational practices to identify risks and security gaps
  3. WISP Development - Develop the custom Written Information Security Plan based on the client intake, the initial consultation and the security audit
  4. Implementation Plan and Consultation - Create a client implementation guide for rolling out the new WISP and security practices, along with a hands-on consultation to guide the client through the security audit, the WISP and the implementation guide
  5. Final Delivery - Review and create the final deliverables (Security Audit Findings, custom IRS WISP and Implementation Guide)

Note: I have created my own custom templates for all of these documents to streamline my client onboarding and document creation. I also plan to showcase my risk assessment/security audit workflow pipeline in a separate repo. The level of detail in the security audit findings deliverable depends on the consultation package the client requests and the complexity of the organization.

[Workflow diagram image]

Deliverables

Clients Receive:

  1. Written Information Security Plan (WISP)
  2. Security Audit Findings Report
  3. Implementation Guide

(The deliverables are accompanied by consultations with the information security professional/consultant, who provides implementation guidance and walks the client/stakeholders through each deliverable.)
