Creating a Written Information Security Plan (WISP) for Your Business
Massachusetts statutory law requires all businesses that maintain an individual’s personal information to implement and follow a Written Information Security Plan (WISP). Personal information is defined as a resident’s full name in addition to a data element like a Social Security number, driver’s license number or financial account number. 201 CMR 17.002. WISPs are required to establish policies and procedures for maintaining both physically and electronically stored private information and protecting them against unauthorized access. Here are some key elements to consider when you are creating a WISP for your business.