Verified scope WISP advisory Tax firms · 2–20 people Broken Arrow · Nationwide

Dokimos Solutions · Compliance advisory

Your compliance plan should be true.

Written information security programs for tax firms — built from an actual inventory of your systems, not a template with your name typed into it.

Dokimos Solutions seal
Tested and found genuine.
δόκιμος · approved after examination.

01 · The actual product

A document is not a control.

The product is the implementation. The WISP is the receipt.

The IRS publishes a free WISP template. It can say your firm uses multifactor authentication, encrypts customer information, and reviews access. It cannot make any of those statements true.

I start with the systems you actually use, identify where customer information moves, test what exists, and build a written information security program around evidence rather than intention.

02 · What you receive

Concrete artifacts. Clear next moves.

  1. D-01

    Data inventory and vendor map

    What nonpublic personal information exists, where it is collected, stored, transmitted, and who can reach it.

  2. D-02

    Risk and gap assessment

    Your actual systems compared with the applicable elements of the FTC Safeguards Rule.

  3. D-03

    The WISP

    A written program that documents controls you have and distinguishes them from remediation still required.

  4. D-04

    Prioritized remediation plan

    Sequence, owner, evidence target, and the small-firm exemption applied before work is proposed.

Fixed starting scope

Assessment and WISP from $4,500. Typically 2–3 weeks.

Remediation is scoped after the inventory. Nobody can honestly price an MFA rollout before seeing the stack.

Book a 20-minute scoping call

03 · A useful filter

This is not managed IT.

This is not for firms that want a document without changing the controls behind it.

It is for a principal who wants to know what is exposed, what the rule actually requires, and what evidence will make the final plan defensible.

04 · Personally accountable

Leon Breukelman

I bring 15+ years spanning industrial electrical and PLC controls, WISP operations, corporate networking, and cloud security engineering.

I do the assessment, write the program, and answer the phone. There is no handoff from a salesperson to a generic delivery team.

Why that background matters

Start with the facts

Find out what is exposed before buying the fix.

One 20-minute call. No upload of tax records, breach evidence, or customer information.

Book a 20-minute scoping call