Why You Need a WISP
Massachusetts requires most businesses and organizations to have a Written Information Security Program (WISP). If your business uses or stores personal information of MA residents, including that of your own employees, then you need a WISP.
We can help you create a policy and improve your security practices to meet MA regulations and protect your business. Read more below, or contact us today for more information.
What is a WISP?
A WISP is your company’s internal policy for safeguarding personal information, as required by 201 Code Mass. Regs. 17.00.
Do I need a WISP?
If your company has personal information of a resident of Massachusetts, including that of your own employees, you are required to have a WISP. You are required to have one even if that data is stored with a service provider, for example a company that processes your credit card transactions or handles your company’s payroll.
If there is ever a breach of personal information at your company, new regulations require you to report whether you have a WISP to the Office of Consumer Affairs and Business Regulation and the Attorney General's Office.
What counts as personal information?
A person's full name, or first initial and last name, in combination with any of the following: a social security number, driver's license or state-issued ID number, credit card number, or financial account number.
Additionally, you’ll need to provide training for employees, designate an employee as a “Data Coordinator” responsible for maintaining the WISP, oversee third-party service providers, and notify the government and affected residents in the event of a data breach.
What kind of things are included in a WISP?
The policy outlines the administrative, technical, and physical safeguards put in place to protect personal information. These safeguards range from simple protective measures, like making sure physical records are kept in locked filing cabinets, to more complex technical ones, like making sure devices containing personal information are encrypted and network equipment is secure and up to date.
How we can help
We’ll guide you through all the steps of creating your policy and make sure you understand everything in it. As an IT company with many years of experience serving businesses, we can also guide you through any changes you’ll need to make to your computers or network to make them secure.