Home > Free Essays > Business > Management > Information Security Standards for Internal Revenue Service
5 min
Cite This

Information Security Standards for Internal Revenue Service Research Paper


Information Revenue Service (IRS) is an American agency that collects taxes and enforces the tax laws that guide the entire process. Since the agency is handling information deemed confidential, it has employed numerous securities standards in enhancing confidentiality of their data.

The information security standards at IRS have abroad perspective; the security components include physical security program, Privacy, Information Protection and Data Security (PIPDS), Information Technology (IT) Security, and National and Personal Security Information (Internal Revenue Manual, n.d.). Information privacy at IRS remains a key issue in enhancing taxpayers’ confidence.

The purpose of physical security program is to offer protection to the lives of employees and the entire management of IRS. IRS protects its information through data security, physical security, and sensitive procedures of handling documents. These complex procedures ensure that these resources are not accessible to third parties.

Third parties ease to data accessibility can cause risk and harm. In enhancing information security, IRS ensures that the security procedures are in line with the federal regulations of disclosure, access, disposition, and use of information. Under this program, there are authorities that ensure the employees and contractors meet the outlined standards fully. For instance, The Privacy Act of 1974 prohibits information disclosure from public records without a written acceptance from the concerned person.

The Act follows a specified rule regarding allowing an individual to access any information. The rule clarifies on the timing fee and location under which the body can authenticate one to view the data (Internal Revenue Manual, n.d.). Although one has a right to get access to any of the agency’s records, an exemption prohibits information access by the public. If on request for information availability on a format that is already available, the agency is free to supply such information on a format that is reproducible.

Additionally, IRS conducts annual security briefings to its employees in order to familiarize them with their security responsibilities. The agency only grants access to sensitive information on a need-to-know basis, and the employees remain responsible for providing security to all information to enhance trust among the public.

The agency has a Physical Security Handbook that outlines guidelines on minimum information security standards that allow flexibility for developing higher standards for meeting different requirements. The management at IRS implements these policies on physical security.

In Information Technology (IT) Security, IRS’s systems and applications are secured (Internal Revenue Manual, n.d.). The IT Security creates, updates, and maintains information. This system enhances the security of information that the taxpayers have given to IRS thus averting issues of unauthorized information access. Clearly, information security starts with improving physical security of the organization.

On Privacy, Information Protection, and Data Security (PIPDS), IRS uses modern technological applications to protect the taxpayers’ personal identifiable information. The agency uses these data according to the applicable laws and Presidential Directives (Internal Revenue Service (IRS), 2013).

This step enhances confidence among the American taxpayers. Notably, PIPDS Programs and Policies carry out implementation of varied programs that boost information security standards. For instance, the Privacy Impact Assessments (PIAs) carries out the overall assessment of both the internal and external threats that can compromise information confidentiality.

This program follows the guidelines in the E-Government Act of 2002. Further, Information Protection program protects taxpayers from identity theft. The policies and procedures avoid access of data by hackers. Incident Management Program (IMP) is a program that takes necessary steps and responses in case of data losses especially personally identifiable data.

IMP also responds to data disclosure, breach, and theft. IRS prevents third parties from accessing taxpayers’ private information. IRS launched IMP after the President’s Identity Theft Task Force recommendations of data loss notification. Notably, it is a requirement for employees to report any disclosure, theft, and loss of information within an hour. This reporting time limit is meant to minimize the possibility of compromising personal information thus can be used in committing fraudulent activities.

However, an employee has to confirm the identity of the caller before reporting the incident within the stipulated one hour. This step helps in confirming if the caller is a taxpayer or not (US Tax Center, n.d.). The PIPDS office monitors and regulates Live Data Testing Reviews. The regulations restrict live data testing without prior written approval; this responsibility lies with the PIPDS office.

Taxpayers who perform online transactions through computers are protected from fraudulent cases by the Online Fraud Detection & Prevention. The launched phishing program conducts a global monitoring of those who access their websites; in case of malicious occurrences, the program reports to the central system for immediate intervention.

Markedly, IRS has ensured safety of their data by using these programs. In addition, IRS assigns pseudonyms to all their employees. Pseudonyms are false identity names; they ensure safety of employees. In online transactions, such names make it difficult for trackers to identify the personal information of the employees. IRS policies require that an employee must give adequate justifications to why he/she wants to use the pseudonym.

Employees have to register these pseudonyms with the managers; this is for accountability purposes. IRS also runs the Unauthorized Access (UNAX) program. UNAX program offers employees’ awareness on consequences of compromising data like losing the public’s confidence (Internal Revenue Manual, n.d.).

There is also strict legislation on breaching of Personally Identifiable Information (PII). Personal safety also comprises of harassment, taxpayer contacting an employee with no legitimate communication, and taxpayer’s aggression towards IRS employees. The well-guided procedure on the use of pseudonyms shows the extent at which IRS puts into concern its information security standards.

On its key principles, IRS works towards protecting individuals’ rights to privacy. IRS can distribute these data only when they are authorized by federal legislation. The employees can be allowed to access these taxpayers’ data. In case of information leakage to wrong or unauthorized persons during this process, these groups of people become liable.

The law requires them not to leak any taxpayer’s information in any format, either electronic formats or hardcopy documents, to any person. The agency goes ahead to conduct in-house trainings to these groups of people in order to remind them of their daily expectations. Moreover, the senior management is always in the forefront in ensuring that the employees adhere to the privacy policy and data security procedures.

In case of non-compliance, the senior management applies penalties in line with the IRS policy and guidelines. The IRS Privacy Principles include the following: It is a public trust to protect employees and taxpayers’ privacies, information are only collected upon request from the tax management, these information are used for a specific purpose, and reliable information are to be obtained from individuals who relate to them (Internal Revenue Service Topics Page, n.d.).

In their services and roles, IRS stipulates that its employees, visitors and contractors must adhere to the federal privacy guidelines. IRS system owners are expected to be formulating and promoting effective and efficient information protection, employee and taxpayer policy, and information security programs.

The different divisions in IRS enhance service delivery as specialization does increases work output. The information security standard is enhanced through IRS partnership with Government Liaison and Disclosure. The partnership ensures that the privacy policy applied in the agency is in accordance with the Privacy Act of 1974. It also facilitates the development and distribution of periodical reviews that update the changes on information protection policy.

The Information Security Standards for IRS uphold privacy of data. However, monitoring of people as they access information in the internet shows that privacy is at the same time not fully upheld.

The idea of tracking for collecting statistical data is revoking the same provisions of information security as it results to tracking (IRS Has Improved Controls but Needs to Resolve Weaknesses, 2013). From this point of view, information in the World Wide Web seems to expose a person’s privacy such as location and computer information like internet protocol address.

Although IRS has made tremendous steps towards achieving total information protection, it still requires effective implementation of the information security program. Some of the components of security, which have not met their targets or operated effectively, include the IRS procedure of testing on the financial system.

Data privacy is essential in element in any organization. IRS should ensure that all their security programs are effective thus working towards meeting their objectives. In the end, the improved services will raise taxpayers’ confidence, trust, and loyalty.


. (2013, March 15).U.S. Government Accountability Office (U.S. GAO). Web.

. (n.d.). Internal Revenue Service. Web.

(IRS). (2013, March 7). USA.gov: The U.S. Government’s Official Web Portal. Web.

Internal Revenue Service Topics Page. (n.d.). USA TODAY: Latest World and US News – USATODAY.com. Web.

US Tax Center. (n.d.). US Tax Center | File Your Tax Return Online, Tax Extension, Tax Forms, Tax Help. Web.

This research paper on Information Security Standards for Internal Revenue Service was written and submitted by your fellow student. You are free to use it for research and reference purposes in order to write your own paper; however, you must cite it accordingly.
Removal Request
If you are the copyright owner of this paper and no longer wish to have your work published on IvyPanda.
Request the removal

Need a custom Research Paper sample written from scratch by
professional specifically for you?

Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar

certified writers online

Cite This paper

Select a citation style:


IvyPanda. (2019, August 7). Information Security Standards for Internal Revenue Service. Retrieved from https://ivypanda.com/essays/information-security-standards-for-internal-revenue-service/

Work Cited

"Information Security Standards for Internal Revenue Service." IvyPanda, 7 Aug. 2019, ivypanda.com/essays/information-security-standards-for-internal-revenue-service/.

1. IvyPanda. "Information Security Standards for Internal Revenue Service." August 7, 2019. https://ivypanda.com/essays/information-security-standards-for-internal-revenue-service/.


IvyPanda. "Information Security Standards for Internal Revenue Service." August 7, 2019. https://ivypanda.com/essays/information-security-standards-for-internal-revenue-service/.


IvyPanda. 2019. "Information Security Standards for Internal Revenue Service." August 7, 2019. https://ivypanda.com/essays/information-security-standards-for-internal-revenue-service/.


IvyPanda. (2019) 'Information Security Standards for Internal Revenue Service'. 7 August.

More related papers
Psst... Stuck with your
assignment? 😱
Psst... Stuck with your assignment? 😱
Do you need an essay to be done?
What type of assignment 📝 do you need?
How many pages (words) do you need? Let's see if we can help you!