Have you Written your WISP?

Apr 14, 2010   //   by admin

Last month’s Tech Tip covered some of the main technological security requirements mandated by new Massachusetts’ data security regulations that went into effect on March 1st 2010. E-mail encryption and portable device encryption are among the requirements for organizations which deal with confidential information. In conjunction with the data encryption requirements, a written information security plan must also be implemented.

The written information security plan, or WISP, is a document that outlines how your organization safeguards confidential data and any policies and procedures associated with the protection of that data. The WISP should include all of the preventative measures being implemented by your organization. This includes the methods of encrypting e-mail and portable devices, how paper copies of sensitive data are secured, how employees are trained, and how your organization protects confidential data when dealing with third-party service providers.

The WISP not only satisfies a requirement of the new legislation but also provides your organization with an overview of all the areas that need to be monitored by internal staff. The WISP can also be used as a reference for all employees as to how they should handle confidential data. The best way to protect confidential data is by educating employees on the proper way to handle the information in each situation they may encounter, whether that it be e-mail communications, handling paper files, or protecting the data on laptops or other portable media.

The new Massachusetts’ data security regulations may seem confusing, especially the technical aspects, and you may be unsure what your organization needs to do in order to be in compliance. As always, you should consult with your computer consultants, internal IT department, and your legal team to identify the areas that need to be addressed as they are your best resource for planning and implementing a security solution for protecting confidential data.

 

Ryan’s articles can also be seen in Berkshire Business News, published monthly by the Berkshire Chamber of Commerce.