Massachusetts Written Information Security Program (WISP) Template

Home » Massachusetts Written Information Security...

Massachusetts wisp template

Massachusetts (WISP) Template

Massachusetts Written Information Security Program (WISP) Sample

A Written Information Security Program (WISP) is a document that details an organization’s security controls, processes, and policies. A WISP is a roadmap for an organization’s IT security and is legally required by several states.

Data security laws are in place to ensure that businesses that own, license, or maintain personal information about residents implement and maintain reasonable security procedures and practices.

A Written Information Security Program is designed to provide your organization with solid security procedures that not only reduce your chance of a breach but also limit your liability if one were to occur.

Massachusetts has one of the strictest data security laws in the country. Even if you are not from Massachusetts, if you do business with Massachusetts residents, then you are legally obligated to have a Written Information Security Program.

Massachusetts data security regulations that went into effect in 2010 require every company that owns or licenses PII about Massachusetts residents to develop, implement, and maintain a Written Information Security Program.

Despite the requirement, many companies, even those located in Massachusetts, have not done so.

In fact, in most cases, businesses only learn about the Massachusetts WISP requirement after they have been involved in a breach.

However, in 2019 Massachusetts amended its data breach notification law. Specifically, Mass law now requires organizations involved in a data breach to notify the Massachusetts Attorney General to confirm whether the organization implemented a WISP.

As a result, businesses now face stricter consequences for failure to implement a WISP. Specifically, failure to implement a WISP could result in increased fines and penalties.