IRS Publication 5838 – IRS Forms, Instructions, Pubs 2026

IRS Publication 5838 – IRS Forms, Instructions, Pubs 2026 – In the world of volunteer tax assistance, safeguarding taxpayer information is paramount. IRS Form 15272, also known as the VITA/TCE Security Plan, plays a crucial role in ensuring that Volunteer Income Tax Assistance (VITA) and Tax Counseling for the Elderly (TCE) sites maintain high standards of data protection. This form helps site coordinators document security measures, comply with IRS requirements, and protect sensitive personally identifiable information (PII). Whether you’re a site coordinator, volunteer, or partner organization, understanding Form 15272 is essential for running a compliant and secure tax preparation site.

As of its latest revision in October 2025, Form 15272 emphasizes adherence to IRS Publication 4299, Privacy, Confidentiality, and Civil Rights – A Public Trust, which outlines key security protocols. This article breaks down everything you need to know about the form, including its purpose, who must use it, how to complete it, and best practices for submission.

What Is IRS Form 15272?

IRS Form 15272 is a standardized document designed to create an annual security plan for VITA/TCE sites. It captures essential information about security controls, responsible contacts, software usage, and equipment inventory. The form ensures that sites follow IRS guidelines to prevent unauthorized access, handle incidents effectively, and control devices like laptops and printers.

The primary goal is to enhance and maintain the security of taxpayer information by adhering to requirements in Publication 4299. Sites can use this exact form or a similar document that covers the same details, making it flexible for different operations. It’s part of the IRS’s Quality Site Requirements (QSR #10), which mandates procedures for protecting PII, using passwords on computers, securing internet connections, and more.

For visual reference, here’s a sample view of the blank form:

The Purpose of the VITA/TCE Security Plan

The core purpose of Form 15272 is to document how a VITA/TCE site protects taxpayer data throughout the tax preparation process. This includes physical and electronic safeguards, volunteer training on privacy, and incident reporting protocols. By completing the form, sites demonstrate compliance with IRS standards, reducing risks like data breaches or unauthorized disclosures.

Key elements addressed in the plan include:

  • Confirming volunteer awareness of security requirements, such as validating taxpayer identities and maintaining privacy during interviews.
  • Restricting access to wireless networks and tax preparation software based on roles (e.g., preparers, quality reviewers).
  • Securing equipment and disposing of PII properly when no longer needed.
  • Reporting lost or stolen devices and data breaches promptly to the SPEC Territory Office.

For virtual VITA/TCE models, the form requires additional details on processes like appointment scheduling, taxpayer authentication, and secure document sharing. This ensures even remote operations uphold the same security standards.

Who Needs to Complete IRS Form 15272?

All VITA/TCE sites, except Facilitated Self-Assistance (FSA) remote sites, must prepare a security plan using Form 15272 or an equivalent. This includes traditional in-person sites and those using virtual models. Site coordinators are primarily responsible for completing and signing the form, with input from partners and alternate coordinators.

If your site uses IRS-loaned equipment, partner-owned devices, or volunteer hardware, you’ll need to inventory them on the form. Grant recipients under the VITA program must also align their security plans with grant requirements, such as protecting computers with passwords and using secure connections.

Volunteers and partners play a supporting role by adhering to the documented procedures, but the site coordinator oversees submission to the SPEC Territory Manager for approval.

How to Fill Out IRS Form 15272: Step-by-Step Instructions

Filling out Form 15272 is straightforward but requires careful attention to detail. Gather site information, equipment lists, and confirm compliance with Publication 4299 before starting. The form is divided into sections, and most questions are yes/no with space for explanations if “no.”

Step 1: Gather Required Information

  • Site name, address (including suite/room), and SIDN (Site Identification Number).
  • Contact details for the site coordinator, alternate coordinator, and partner.
  • Type of tax software (e.g., IRS TaxSlayer, online/desktop, or other).
  • Equipment inventory: List laptops, portable mass storage devices (e.g., USBs), and other items, noting ownership (IRS, partner, or volunteer) and quantities.
  • Details on security practices and virtual processes if applicable.

Step 2: Complete Section I – Security Requirements

This section includes 12 yes/no questions referencing Publication 4299. For example:

  1. Are procedures in place to confirm volunteer awareness of security requirements? (Refer to privacy principles on page 2.)
  2. If using wireless, are networks restricted with WPA2 encryption and 256-bit keys?
  3. Are software access privileges limited by role? …
  4. Does the site use a virtual model? (If yes, proceed to Section II.)

Provide explanations for any “no” answers, such as alternative measures.

Step 3: Complete Section II – Virtual VITA/TCE Model (If Applicable)

Describe stages like appointment scheduling, intake, authentication, preparation, review, and e-filing. Include how consents are obtained (e.g., via Form 14446) and secure transmission methods (e.g., encrypted email). Outline taxpayer authentication and document handling to prevent breaches.

Step 4: Sign and Date

The site coordinator and partner must sign. Route for additional signatures if needed.

For a practical example, review filled samples where sites detail their processes, such as deactivating software access after hours or using secure storage.

Submission and Approval Process for Form 15272

Submit the completed form to your SPEC Territory Manager or designee before the site opens, no later than December 31. Include it with other required documents like Form 13533 (Sponsor Agreement) and Form 13715 (Volunteer Site Information Sheet).

Once approved, keep a physical or electronic copy at the site and with the territory office. Update annually or if site operations change.

Best Practices for VITA/TCE Security Compliance

To optimize your security plan:

  • Train volunteers on Publication 4299, including strong passwords (8+ characters, changed every 90 days) and multi-factor authentication.
  • Use encryption for all electronic data and shred physical documents when disposing.
  • Report breaches immediately to SPEC, followed by notifications to affected parties if needed.
  • Avoid public Wi-Fi without VPNs and limit PII access to “need-to-know” basis.
  • At season’s end, delete all taxpayer data from devices per Publication 1084 guidelines.

Noncompliance can lead to penalties under IRC Sections 7216 and 6713, including fines or program exclusion.

Conclusion: Prioritizing Security in Volunteer Tax Services

IRS Form 15272 is more than paperwork—it’s a vital tool for building trust and protecting taxpayers in VITA/TCE programs. By following these guidelines and using trusted IRS resources, sites can operate securely and efficiently. For the latest form, download it directly from the IRS website at https://www.irs.gov/pub/irs-pdf/f15272.pdf. If you’re involved in a VITA/TCE site, start your security plan today to ensure a smooth tax season.