Businesses are now required by law to develop a Written Information Security Program (WISP). The Federal “Red Flag Act,” signed into law in December 2010, and the Massachusetts Privacy Law (Mass. General Law Ch. 93), are wake-up calls for businesses nationally. A WISP is not a one-size-fits-all solution, and it is not a binder that sits on a shelf collecting dust. It is not a self-administered survey.
The purpose of this legislation is to require companies to maintain a documented plan of action to protect against data breaches and also to have a plan of action after a breach has occurred. WISP plans must include administrative, technical and physical safeguards that are designed to meet the requirements of the regulations. The plan must reflect a risk-based approach that is appropriate to the size, scope and type of business handling the information; the amount of resources available to the business; the amount of stored data; and the need for security and confidentiality of both consumer and employee information.