Client Data Security Playbook
Make security operational — plans, checks, training, and evidence
A security operations workflow for accounting and tax practices that builds and maintains a written security plan, validates minimum controls, and runs recurring reviews and training. Because "we take security seriously" needs to be demonstrable, not aspirational.
INGREDIENTS
PROMPT
Create a skill called "Client Data Security Playbook". It should:
- Inventory systems that store or process client data
- Draft and maintain a Written Information Security Plan
- Run recurring baseline control checks for MFA, backups, patching, and access logs
- Perform quarterly access reviews and produce a remediation list
- Manage a training cadence and keep completion evidence
- Maintain an incident-response runbook and an evidence binder template

Ask me for our systems list, staff roles, and current policies before generating the first WISP.
How It Works
Accounting and tax teams handle sensitive client data and are frequent targets for phishing and credential theft.
This recipe makes security operational through plans, recurring control checks, and evidence logs.
What You Get
- Written Information Security Plan draft and updates
- Quarterly access review report with remediation items
- Phishing-awareness checklist and training log
- Incident-response runbook and evidence binder template
Setup Steps
- Inventory systems, data flows, and access roles
- Build or refresh the written security plan
- Verify baseline controls (MFA, backups, patching, encryption)
- Run quarterly access reviews and remove stale access
- Track training completion and maintain an incident binder
Tips
- Start with a system inventory before writing policy
- Quarterly access reviews catch drift early
- Keep evidence organized so compliance is demonstrable, not assumed