General Rule of Thumb: With no prior experience putting together a security plan you can anticipate ~20 hours for a firm with less than 5 employees (Including solo firms).
6-10 Employees: ~22 Hours
11-24 Employees: ~30 Hours
25-49 Employees: ~50 Hours
50-99: ~100 Hours
With the ever increasing amount of cyber threats and work from home companies. The IRS wants to make sure that all tax payer data is protected.
On IRS W-12 to renew your PTIN:
#11 Data Security Responsibilities
I am aware that paid tax return preparers must have a data security plan to provide data and system security
protections for all taxpayer information.
Further: “Under penalties of perjury, I declare that I have examined this application and to the best of my knowledge and belief, it
is true, correct, and complete. I understand any false or misleading information may result in criminal penalties and/or
the denial or termination of a PTIN.”
This should be reviewed annually.
Yes, this applies to anyone who renews their PTIN.