IT & security for accounting and finance firms

Filing deadlines don't wait for a server to come back up. IronPoint keeps your systems standing through tax season, keeps your firm compliant with the FTC and IRS, and keeps client Social Security numbers, bank records, and financial data locked down.

No cost, no obligation — call or text (254) 226-9122

What keeps you up at night

A deadline business, a regulated firm, and a target — all at once

Accounting and finance firms carry three burdens most businesses don't: regulators who require written proof of security, criminals who know what your files are worth, and a calendar where downtime in the wrong month costs real clients.

A WISP is no longer optional

The FTC Safeguards Rule and IRS Publication 4557 require every tax preparer to maintain a written information security plan — and you certify awareness of your data-security obligations every time you renew your PTIN. Checking that box without a real plan behind it puts your name on a promise you can't back up.

Tax season triples your downtime cost

From January to April your workload triples, and so does the price of every hour your systems are down. A server failure in July is an annoyance. In the first week of April it's missed filings, extension paperwork, and clients who don't come back.

You're a prime phishing target

Attackers know exactly what sits in a CPA firm's inbox: Social Security numbers, bank details, and complete financial pictures. Fake client emails with "tax documents" attached are the standard play against firms your size — and one wrong click during a busy February is all it takes.

The tax-software server nobody owns

QuickBooks and tax applications running on a machine in a closet that nobody patches, nobody monitors, and nobody has ever tested a restore on. It works — right up until it doesn't, and the failure never picks a quiet month.

Compliance, handled seriously

What the FTC and IRS actually require — and how we get you there

The FTC Safeguards Rule applies to tax preparers, and IRS Publication 4557 spells out what it means in practice: a written information security plan, a designated individual responsible for security, a risk assessment of where client data lives, multi-factor authentication on systems holding client PII, encryption of that data, and a review of the whole plan at least annually and whenever the firm changes. It is a compliance requirement with your signature on it — not a best-practices suggestion.

Every PTIN renewal, you certify awareness of your data-security obligations. If a breach happens or an inquiry lands, the first request is simple: show us your WISP. That means a current written plan, a named security lead, safeguards that match what the plan says, and review dates that prove it's maintained — not a template someone downloaded in 2019 and never opened again.

IronPoint builds it with you, not at you. We start by mapping where client data actually lives — workstations, the tax-software server, email, cloud storage — then write the plan in plain English, implement the safeguards it commits you to, and put the annual review on the calendar. You end up with documentation you can hand to an auditor, your insurance carrier, or a worried client, and a straight flat quote for the work after the assessment.

Powered by trusted technology

Enterprise-grade tools sized for small business — the same stack we run on our own systems.

  • Huntress
  • Microsoft 365
  • Pax8
  • NinjaOne
  • Keeper Security
  • Cloudflare
Good questions

Frequently asked questions

Our practice is small. Do we really need a WISP?

Yes. The FTC Safeguards Rule and IRS Publication 4557 apply to tax preparers regardless of size — a solo preparer with a PTIN has the same written-plan obligation as a fifty-person firm. And since you certify awareness of your data-security obligations at every PTIN renewal, the smallest practice is making the same promise the biggest one is. The plan for a small firm is shorter and cheaper to build, but it has to exist.

Can you build our WISP without disrupting tax season?

Yes — and the best time is the off-season, May through December, when we can assess, write, and implement without touching your busiest weeks. If you come to us mid-season with an urgent gap, we stabilize the immediate risk first and schedule the full documentation work for after the deadline. Either way, the work is flat-quoted after the assessment, so you know the cost before we start.

What does this cost a firm like ours?

Managed IT runs on a flat per-user rate, typically $95 to $200 per user per month depending on the support and security your firm needs. The comprehensive Security & AI Audit is $750, credited toward onboarding if you move forward. WISP and compliance packages are flat-quoted after the assessment — we'll tell you the number in writing before any work begins, and if your current setup already covers a requirement, we'll say so.

We run QuickBooks Desktop and hosted tax software. Can you support that?

Yes. We can take over maintenance of your existing server — patching, monitoring, and tested backups — or move your applications to a properly managed cloud environment if that fits your firm better. The honest answer depends on your software versions, file sizes, and how your team works, which is exactly what the free assessment sorts out.

Walk into next filing season secure, compliant, and ready

Start with a free, no-obligation assessment — or just call. You'll talk to the person who does the work.