About
About Safeguards Monitor
Last reviewed July 10, 2026
Safeguards Monitor is an independent publication about the security rules that apply to US tax firms: the Written Information Security Plan (WISP) requirement, the FTC Safeguards Rule, and the IRS guidance behind them. One person writes it, and every regulatory claim on the site is traced back to the regulator that made it.
Who we serve
The reader we write for runs a small tax practice: a solo preparer, a two-person CPA shop, an enrolled agent, a bookkeeper handling a few dozen returns a year. You have a PTIN to renew, an EFIN you cannot afford to lose, and clients whose Social Security numbers sit on your laptop. What you do not have is a compliance department, a general counsel, or a free afternoon to read 16 CFR Part 314 line by line. We read it so you can spend ten minutes where you would otherwise spend two days.
How we work
Three habits, in the order they matter. First, every claim about what a rule requires or what it can cost comes from a primary source (a regulation, an IRS publication, the Federal Register, a court record, or a state statute), and the source is linked on the page. Never from another blog, never from memory. Second, every figure carries the date we last checked it, because rules change and a number that was right in 2024 can be wrong now. Third, we say what we do not know: when we go looking for a case and cannot find one, we tell you that instead of implying the worst.
The standard behind Safeguards Monitor
Most writing about tax-firm security compliance is produced to sell a product, and it shows. Search for what the FTC can fine you and you will find at least seven different figures, several of them out of date and a few invented outright. Our rule is one penalty figure, on one page, taken from the regulation itself. And we say plainly that, as of this writing, we can find no public record of an FTC Safeguards enforcement action against a small tax preparer.
That honesty is not a marketing angle; it is the whole point. The real pressure on a small firm sits elsewhere: your EFIN and what the IRS can do with it, a breach and the clients it exposes, an insurer reading your policy at claim time, a state law with a duty of its own. We map those levers as they actually are. And where the useful data is not published (the breach reports the FTC collects, the plan-status field Massachusetts keeps), our standard is to request it ourselves under the public-records and Freedom of Information laws. How we check every figure, and how we handle those requests, is written out in full on our how-we-verify page.
About the author
Safeguards Monitor is written by Dolev Arama, its founder. Here is the honest version: I am not an attorney, I am not a CPA, and I am not going to pretend to be a compliance authority. What I do is read the primary sources carefully, link them so you can check my work, and refuse to state a rule or a number I cannot trace to the regulator. If a claim on this site is not backed by a regulation, an IRS publication, a court record, or a state statute you can open yourself, it does not run. That is the one rule I do not break. For advice on your specific situation you still want a qualified professional. This site is built to make you a sharper client of one, not to replace them.
What we are not
We are not part of the FTC, the IRS, or any other government agency, and nothing here is an official government position. We are not a law firm, an accounting firm, or a security company, and nothing on this site is legal, regulatory, or financial advice. We do not ask for taxpayer data or client files and have no use for them; there is no reason to send us any, and you should not.
How we make money
Our guides and tools are free, and the free version is built to stand on its own. In time we may refer readers who want hands-on help to vetted specialists; if you book a meeting with one, that specialist may pay us a referral fee, and if we ever link a product we will say so on the page. A commercial relationship will never change a figure on this site; those come from primary sources either way. When any of that goes live, we will spell out exactly how it works.
Contact
The best way to reach us is email: hello@safeguardsmonitor.com. Corrections are especially welcome. If a figure is stale or a source has moved, tell us and we will fix it with a dated note rather than a silent edit. One thing to leave out of your message: any taxpayer or client data. We do not need it and cannot use it.
- We are an independent publication, not a vendor or a government body.
- Every figure is traced to a primary source and carries an as-of date.
- We do not ask for or use client or taxpayer data.