ApexTech4TaxPros

Book Assessment
TAB_05 // IT_SECURITY_ASSESSMENT & WISP_COMPLETION

We Scan Your Laptop or PC.

You Get a
WISP & a Report.

Your existing laptop or desktop PC may already be your biggest compliance vulnerability — and you would not know it without a professional review. AT4TP assesses your actual device against every IRS and FTC WISP requirement, delivers a written findings report, and hands you a fully completed custom WISP that reflects your real machine.

⚠️Most Tax Preparers Don’t Know What’s on Their Own Machines
Outdated antivirus. No encryption on the drive. Old unpatched software. Browser-saved passwords. Client tax files stored in personal folders with no access controls. These are not hypothetical risks — they are the exact vulnerabilities that lead to EFIN theft and client data breaches. Our assessment finds them before attackers do.
Get My Secure Desktop
See WISP Compliance Map →
IRS Pub 4557 Reviewed
FTC Safeguards Rule Checked
Written Report Delivered
Custom WISP Completed
Bilingual EN / ES
Defender for Cloud On
AT4TP //
SECURITY_ASSESSMENT_CONSOLE
LIVE
SCAN
💻
Tax Office Laptop — WIN11
DEVICE_ID: TAX-PC-2024 · User:
Preparer_01
SCANNING
🔥
Firewall Status
PASS ✓
🔐
Multi-Factor Authentication
FAIL ✗
🦠
Antivirus — Real-Time
PASS ✓
🔑
Drive Encryption (BitLocker)
NOT ENABLED ✗
🔄
Pending Windows Updates
14 PENDING ⚠
🗂️
Client Data Storage Location
UNPROTECTED ✗
🌐
Browser Saved Passwords
RISK FOUND ⚠
📦
Software Vulnerability Scan
SCANNING...
Checks completed: 7 / 12 Issues found: 4
The Real Risk

Your Laptop or PC Is the Front Line — Most Are Not Compliance-Ready

When the IRS or FTC examines your WISP after a breach, they do not just read your document — they look at the actual security state of the devices that held client data. Here is what is typically found on tax office machines that have never been professionally assessed.

🔓

Drive Not Encrypted

A laptop without BitLocker or FileVault enabled means every client’s Social Security number, tax return, and bank account detail is readable by anyone who boots the machine — no password needed. This directly violates FTC encryption requirements and the IRS Publication 4557 safeguard for data at rest.

🎣

Browser-Saved Tax Software Passwords

Most preparers save their TaxSlayer, Drake, or other tax software login in the browser. One malware infection harvests every saved credential instantly — handing attackers direct access to your EFIN, your clients’ returns, and bank product accounts. No MFA required once the credential is stolen.

📁

Client Files in Personal Folders

Client tax files saved in Downloads, Desktop, or personal Documents folders have no access controls, no audit trail, and no encryption. The FTC Safeguards Rule requires documented access controls for every location where client data is stored — and a personal folder does not qualify.

 

🕳️

Unpatched Software Vulnerabilities

Old versions of Windows, Adobe, browsers, and installed software contain known security vulnerabilities that attackers exploit. Many tax offices run on outdated software well into filing season — creating open doors that patching would have closed months earlier.

🚫

No MFA on Tax Software or Email

The FTC Safeguards Rule mandates multi-factor authentication for any system storing client financial information. Most solo preparers have never enabled it on their tax software, email, or cloud storage — leaving a single stolen password as the only barrier between an attacker and your entire client base.

Our Assessment Finds All of This — and Fixes the Record

AT4TP reviews every one of these risk areas on your actual laptop or PC, documents exactly what is found, provides remediation guidance, and writes your WISP to accurately reflect your real security posture — not a hypothetical one. You get the truth about your machine, and the document that proves you addressed it.

Full Assessment Scope

Every WISP Control Checked on Your Actual Device

Our assessment reviews your laptop or PC against every technical control in IRS Publication 4557 and the FTC Safeguards Rule. Nothing generic — everything measured against your specific machine.

🔥
Network & Firewall
Windows Firewall or third-party firewall status and configuration
Network adapter settings and open port review
Remote desktop access — enabled or disabled and secured
VPN usage and configuration for remote work sessions
🔄
Patch Management
Windows Update status and pending critical patches
Third-party software vulnerability scan (browsers, Adobe, Java, etc.)
Automatic update configuration review
End-of-life software identification
🔐
Authentication & Access
MFA setup on Windows login, tax software, and email accounts
Password manager presence and browser-saved credential risk
Account privilege review — admin rights vs. standard user
Session timeout and screen lock configuration
Guest and shared account identification
🗂️
Data Storage & Access
Client file storage locations and folder access controls
Tax software data directory security review
USB and removable media policy check
Data retention and deletion practices review
Backup configuration and offsite/cloud backup verification
🦠
Antivirus & Malware
Antivirus software presence, version, and real-time protection status
Last scan date and definition update verification
Windows Defender status or third-party AV conflict check
Anti-phishing and anti-spyware layer review
🔑
Encryption
BitLocker (Windows) or FileVault (Mac) full-disk encryption status
External drive and USB encryption check
Email encryption settings for client document transmission
Cloud storage encryption verification
📦
Software & Installed Apps
Installed software inventory — flagging unauthorized or risky programs
Tax software version and update status
Browser extensions and plugin risk review
Remote access tools (TeamViewer, AnyDesk) — presence and security
AT4TP Assessment Report
PDF DELIVERED
DEVICE: TAX-OFFICE-LAPTOP • DATE: 2026-05-16
Firewall
COMPLIANT
// Windows Defender Firewall active. No exposed ports.
MFA
NOT ENABLED
// TaxSlayer login: no MFA. Email: no MFA. REMEDIATION REQUIRED.
Encryption
DRIVE UNENCRYPTED
// BitLocker: OFF. Client data accessible without credentials.
Patch Status
14 PENDING
// 3 critical updates overdue. Schedule within 48hrs.
Antivirus
COMPLIANT
// Defender active. Definitions current. Real-time: ON.
Overall Posture: REMEDIATION NEEDED WISP: GENERATED ✓
Process

From Booking to WISP — How the Assessment Works

A simple, professional process. No tech jargon. No disruption to your practice. Just a thorough review and a completed WISP in your hands.

// STEP_01
🗓️
Book Your Assessment
Contact AT4TP at info@at4tp.com or call us to schedule your device assessment. Tell us whether you need a single device (laptop or PC) or the Laptop & PC Bundle. We confirm a time that works around your schedule — including during or after tax season.
⏱ Book in 5 minutes
// STEP_02
🔌
Secure Remote Connection
AT4TP connects to your device remotely using a professional, encrypted remote support tool — similar to ConnectWise Control. You simply run a small session file we send you and our technician connects securely. No travel, no disruption, no shipping your device.
🔒 Encrypted remote session only
// STEP_03
🔍
We Run the Full WISP Checklist
We systematically review every technical control required by IRS Publication 4557 and the FTC Safeguards Rule — firewall, MFA, antivirus, encryption, patches, data storage, software inventory, session controls, and more.
📋 12+ control checks
// STEP_04
📄
Written Report Delivered
You receive a professional written assessment report documenting every control checked, its pass/fail status, findings summary, and specific remediation steps for anything that needs attention.
📤 Delivered within 48hrs
// STEP_05
📋
Your Custom WISP Is Completed
Using the actual findings from your assessment, AT4TP completes your fully customized Written Information Security Plan. Includes all required sections: risk assessment, technical safeguards, incident response plan, vendor oversight, and more.
✅ IRS & FTC compliant WISP
Your Deliverables

Two Documents That Protect Your Practice

Every assessment — single device or bundle — delivers the same two core documents. These are the only two documents you need to demonstrate full WISP compliance for your actual computing environment.

🔍
Written IT Security Assessment Report
A professional, plain-language document summarizing the security state of your device — written by AT4TP based on what we actually found on your machine. Not a theoretical checklist. A real findings report.
  • Executive summary of overall compliance posture
  • Pass / Fail / Warning status for every control checked
  • Specific findings for each failed or at-risk item
  • Remediation recommendations in plain language
  • Device details and assessment date for your records
  • Suitable for WISP audits, FTC reviews, and insurance documentation
  • Delivered as a professional PDF within 48 hours of assessment
📋
Completed Custom WISP Document
A fully written, IRS and FTC-compliant Written Information Security Plan based on the actual findings from your device assessment. Every section reflects your real machine — not a generic template.
  • Designated Qualified Individual named and documented
  • Risk assessment written from your actual device findings
  • Technical safeguards documented as found on your machine
  • Physical safeguards and access control policies
  • Employee training requirements section
  • Vendor oversight with your specific software providers
  • Incident response plan with IRS 24-hour reporting contacts
  • Available in English or Spanish • Annual review schedule included
Simple Flat-Rate Pricing

One Price. No Surprises. Your WISP Included.

Choose the plan that covers your devices. Both include the full assessment, written report, and completed custom WISP document — everything you need for PTIN renewal compliance.

💻 Laptop — OR — 🖥️ Desktop PC
SINGLE_DEVICE

Laptop or PC Assessment

One device · Full review · Custom WISP included

$599

Flat rate · One-time · No hidden fees
💻 Laptop + AND + 🖥️ Desktop PC
BUNDLE PREMIUM ⭐ BEST VALUE

Laptop & PC Bundle

Both devices · Combined report · Premium coverage

$999

Flat rate · Both devices · One engagement
  • Full WISP compliance assessment on one device (laptop OR desktop PC — your choice)
  • 12+ IRS Pub 4557 and FTC Safeguards Rule controls checked
  • Written assessment report — pass/fail status, findings, remediation guidance
  • Fully completed custom WISP document based on your actual machine
  • Incident response plan included in your WISP
  • Delivered within 48 hours of assessment
  • Available in English or Spanish
  • Secure remote session — encrypted connection, no travel required
  • Secure email · Secure cloud drive · Password manager
Book Single Device — $599
Was $1000
  • Full WISP compliance assessment on both your laptop AND desktop PC
  • Combined assessment report covering both devices with unified findings
  • Single WISP document covering your complete device environment — both machines
  • Cross-device risk analysis — identifies when one device creates risk for the other
  • Incident response plan covering both devices
  • Delivered within 48–72 hours of assessment
  • Available in English or Spanish
  • Secure remote session — encrypted connection · Priority scheduling
Book Bundle — $999
Was $1000
ℹ️
Why the bundle is the smarter choice: The FTC Safeguards Rule requires your WISP to cover every device that accesses client data. If you use both a laptop and a desktop PC at any point during the year, both must be assessed and documented. A single-device WISP that omits your other machine leaves a compliance gap. The $999 bundle closes both devices in one engagement — saving $199 versus two separate assessments.
Simple Flat-Rate Pricing

One Price. No Surprises. Your WISP Included.

Choose the plan that covers your devices. Both include the full assessment, written report, and completed custom WISP document — everything you need for PTIN renewal compliance.

💻 Laptop — OR — 🖥️ Desktop PC
SINGLE_DEVICE

Laptop or PC Assessment

One device · Full review · Custom WISP included

$599

Flat rate · One-time · No hidden fees
  • Full WISP compliance assessment on one device (laptop OR desktop PC — your choice)
  • 12+ IRS Pub 4557 and FTC Safeguards Rule controls checked
  • Written assessment report — pass/fail status, findings, remediation guidance
  • Fully completed custom WISP document based on your actual machine
  • Incident response plan included in your WISP
  • Delivered within 48 hours of assessment
  • Available in English or Spanish
  • Secure remote session — encrypted connection, no travel required
  • Secure email · Secure cloud drive · Password manager
Book Single Device — $599
Was $1000
💻 Laptop + AND + 🖥️ Desktop PC
BUNDLE PREMIUM ⭐ BEST VALUE

Laptop & PC Bundle

Both devices · Combined report · Premium coverage

$999

Flat rate · Both devices · One engagement
  • Full WISP compliance assessment on both your laptop AND desktop PC
  • Combined assessment report covering both devices with unified findings
  • Single WISP document covering your complete device environment — both machines
  • Cross-device risk analysis — identifies when one device creates risk for the other
  • Incident response plan covering both devices
  • Delivered within 48–72 hours of assessment
  • Available in English or Spanish
  • Secure remote session — encrypted connection · Priority scheduling
Book Bundle — $999
Was $1000
ℹ️
Why the bundle is the smarter choice: The FTC Safeguards Rule requires your WISP to cover every device that accesses client data. If you use both a laptop and a desktop PC at any point during the year, both must be assessed and documented. A single-device WISP that omits your other machine leaves a compliance gap. The $999 bundle closes both devices in one engagement — saving $199 versus two separate assessments.

🔗 Why Assessment + WISP Together Is the Only Way to Do It Right

A WISP written without a device assessment is a guess. It documents what you think your security looks like — not what it actually is. And if the IRS or FTC ever reviews your WISP following a breach, the mismatch between your documented controls and your actual device state will be immediately apparent.

AT4TP’s IT Assessment solves this by building your WISP from the ground up using real findings from your real machine. Every section of your WISP reflects what we actually found — what is working, what was remediated, and what safeguards are actively in place. That is the difference between a WISP that passes a review and one that creates additional liability.

Your assessment and WISP are both delivered together — one engagement, two documents, complete compliance.

📋 Why "Assessment-Based" WISPs Matter
  • The IRS expects your WISP to reflect your actual security practices — not theoretical ones
  • The FTC Safeguards Rule requires documented risk assessments based on your real environment
  • A WISP claiming BitLocker is enabled when it is not constitutes a false certification
  • An assessment provides the documented evidence that your controls were evaluated in good faith
  • Insurers reviewing claims after a breach check whether your WISP matched your actual security posture
  • An assessment gives you accurate remediation steps — not guesses — so you can actually fix what is wrong
  • Your WISP annual review is simpler when you know what your baseline actually was

🌐 Evaluación disponible en inglés y español

AT4TP conducts assessments and delivers reports in English and Spanish. Contact us at info@at4tp.com.

🇺🇸 🤝 🇲🇽

Questions

IT Assessment FAQs

Everything tax professionals ask before booking their device assessment.

How does the remote connection work. Do I need to install anything?
The assessment is performed 100% remotely using an encrypted professional remote support connection — similar to ConnectWise Control. After you book, AT4TP sends you a simple session link or small connection file. You run it, our technician connects securely to your device, and the assessment begins. There is nothing permanent to install — the session tool closes completely when we are finished and leaves no ongoing access to your machine. You can watch everything that happens on your screen in real time throughout the session. No travel, no shipping your device, no disruption to your office.
Will you access my client's tax file during this assessment?
No. The assessment reviews security settings, configuration, software inventory, and system-level controls — not the content of your client files. We look at where files are stored and how access is controlled, but we do not open, view, or retain any client data. AT4TP treats all information from your device with strict confidentiality.
What is difference between the $599 single device and the $999 bundle?
The $599 single device assessment covers one device — either your laptop or your desktop PC. The $999 Laptop & PC Bundle covers both devices in a single engagement, delivering a combined report and a WISP that documents both machines. The bundle saves $199 versus booking two separate assessments. If you use both a laptop and a PC at any point during the year to access client data, the FTC requires both to be covered in your WISP — making the bundle the more complete compliance solution.
How long does the assessment take?
A single device assessment typically takes 1–2 hours depending on the complexity of your setup. The Laptop & PC Bundle takes 2–3 hours total. Most of this time your device runs scans in the background — you do not need to sit and watch the screen the entire time. Your written report and completed WISP are delivered within 48 hours (single device) or 48–72 hours (bundle) after the assessment is complete.
What if the assessment finds serious issues — is AT4TP going to fix them?
The assessment report includes specific, plain-language remediation recommendations for every issue found. Many fixes — like enabling BitLocker, turning on MFA, or installing updates — can be done by the device owner following the instructions in our report. For more complex remediation (such as network configuration or secure storage setup), AT4TP can discuss additional support services. If you have our Secure Virtual Desktop subscription, most of these issues are already resolved at the platform level — the assessment will reflect that.
Can I book the assessment even if I already have a WISP?
Yes — and if you already have a WISP, this is actually the most important thing you can do. We will check whether your current WISP accurately reflects the security state of your actual devices. If there are discrepancies between what your WISP says and what your machine actually does, an FTC audit or post-breach investigation will find them. Our assessment ensures your WISP is truthful — and we update your document based on actual findings. The FTC Safeguards Rule also requires periodic review and testing of your safeguards, which this assessment satisfies.
Is the assessment report and WISP available in Spanish?
Yes. AT4TP provides both the written assessment report and the completed WISP document in Spanish upon request. We also conduct the assessment session in Spanish if preferred. Contact us at info@at4tp.com and let us know your language preference when booking.
Book Today

Know Exactly What's on Your Machine.

Have the WISP to Prove It.

One professional assessment. A written report on your actual device. A completed custom WISP ready for PTIN renewal. Starting at $599 for a single laptop or PC — or $999 for the Laptop & PC Bundle.

Book My Assessment
Book Bundle — $999 →
Questions? Email info@at4tp.com · Bilingual support · Dallas, TX
Scroll to Top