A Written Information Security Program (WISP) is a document that details an organization’s security controls, processes, and policies. A WISP is a roadmap for an organization’s IT security and is legally required by several states.
Data security laws are in place to ensure that businesses that own, license, or maintain personal information about residents implement and maintain reasonable security procedures and practices.
A Written Information Security Program is designed to provide your organization with solid security procedures that not only reduce your chance of a breach but also limit your liability if one were to occur.
Massachusetts has one of the strictest data security laws in the country. Even if you are not from Massachusetts, if you do business with Massachusetts residents, then you are legally obligated to have a Written Information Security Program.
Massachusetts data security regulations that went into effect in 2010 require every company that owns or licenses PII about Massachusetts residents to develop, implement, and maintain a Written Information Security Program.
Despite the requirement, many companies, even those located in Massachusetts, have not done so.
In fact, in most cases, businesses only learn about the Massachusetts WISP requirement after they have been involved in a breach.
However, in 2019 Massachusetts amended its data breach notification law. Specifically, Mass law now requires organizations involved in a data breach to notify the Massachusetts Attorney General to confirm whether the organization implemented a WISP.
As a result, businesses now face stricter consequences for failure to implement a WISP. Specifically, failure to implement a WISP could result in increased fines and penalties.
If you are looking for a Written Information Security Program Template in order to get the ball rolling towards meeting compliance requirements, then please download our free template below.
Specifically, our Massachusetts WISP template covers the following WISP Framework:
If your organization is looking for assistance crafting or tailoring a WISP to meet the needs of your business, then please contact us.
To download our WISP template, please fill out the form.