Dokimos Solutions · Compliance advisory
Your compliance plan should be true.
Written information security programs for tax firms — built from an actual inventory of your systems, not a template with your name typed into it.
δόκιμος · approved after examination.
01 · The actual product
A document is not a control.
The product is the implementation. The WISP is the receipt.
The IRS publishes a free WISP template. It can say your firm uses multifactor authentication, encrypts customer information, and reviews access. It cannot make any of those statements true.
I start with the systems you actually use, identify where customer information moves, test what exists, and build a written information security program around evidence rather than intention.
02 · What you receive
Concrete artifacts. Clear next moves.
- D-01
Data inventory and vendor map
What nonpublic personal information exists, where it is collected, stored, transmitted, and who can reach it.
- D-02
Risk and gap assessment
Your actual systems compared with the applicable elements of the FTC Safeguards Rule.
- D-03
The WISP
A written program that documents controls you have and distinguishes them from remediation still required.
- D-04
Prioritized remediation plan
Sequence, owner, evidence target, and the small-firm exemption applied before work is proposed.
Fixed starting scope
Assessment and WISP from $4,500. Typically 2–3 weeks.
Remediation is scoped after the inventory. Nobody can honestly price an MFA rollout before seeing the stack.
03 · A useful filter
This is not managed IT.
This is not for firms that want a document without changing the controls behind it.
It is for a principal who wants to know what is exposed, what the rule actually requires, and what evidence will make the final plan defensible.
04 · Personally accountable
Leon Breukelman
I bring 15+ years spanning industrial electrical and PLC controls, WISP operations, corporate networking, and cloud security engineering.
I do the assessment, write the program, and answer the phone. There is no handoff from a salesperson to a generic delivery team.
Why that background mattersStart with the facts
Find out what is exposed before buying the fix.
One 20-minute call. No upload of tax records, breach evidence, or customer information.
Book a 20-minute scoping call