WISP Information


A key component of reaching your security and compliance goals is the development and implementation of a Written Information Security Program (WISP). The Massachusetts regulations (201 CMR 17) state:

  • To whom does this regulation apply?
    The regulation applies to those engaged in commerce.  More specifically, the regulation applies to those who collect and retain personal information in connection with the provision of goods and services or for the purposes of employment.
  • Must my information security program be in writing?
    Yes, your information security program must be in writing.  The scope and complexity of the document will vary depending on your resources, and the type of personal information you are storing or maintaining.

Don't panic! The GuideMark Security Team can develop your WISP for you. If you want to undertake the task yourself, there are some Massachusetts state resources that can help. Here is a three-step process to get you started:

Step 1:  Read the 201 CMR 17 Frequently Asked Questions (FAQs) document developed by the Commonwealth of Massachusetts to understand the scope and timing of your obligations under the regulations.

Step 2:  Review the Compliance Checklist and develop a list of actions needed to minimize your risks.

Step 3:  Print out the Small Business Guide: Formulating A Comprehensive Written Information Security Program and use it as a starting point for your formal WISP.