Do You Have Your Mass WISP Document in Place for March 1st?
Posted by Len Diana on Wed, Feb 10, 2010 @ 10:19 AM
On September 19, 2008, the Massachusetts Office of Consumer Affairs and Business Regulation established new identity-theft regulations, 201 CMR 17.00: Standards for the Protection of Personal Information, which require all Massachusetts businesses to protect all personal information of the citizens of the Commonwealth. The regulations are accompanied by Massachusetts law M.G.L. c. 93H.
201 CMR 17.00's requirements include up-to-date antivirus software, firewalls, encryption and a Written Information Security Plan (WISP), along with other documentation. Businesses must have a Massachusetts WISP in place and meet these compliance standards by March 1, 2010.
We recommend that you read the Office of Consumer Affairs and Business Regulation FAQ, at: http://www.mass.gov/Eoca/docs/idtheft/201CMR17faqs.pdf
2010-02 Compliance with 201 CMR 17:00, Standards for the Protection of Personal Information of Residents of the Commonwealth
http://www.mass.gov/pageID=ocamodulechunk&L=4&L0=Home&L1=Government&L2=Our+Agencies+and+Divisions&L3=Division+of+Insurance&sid=Eoca&b=terminalcontent&f=doi_Bulletins_bulletins_10_02&csid=Eoca
Can Baesis help?
Yes. As part of our WISP services, Baesis will perform the following procedures that are required by the 201 CMR 17 regulations:
- Develop a customized WISP
- 27 Point Network Audit: ensuring that the client's network meets the security requirements of the regulations. (Baesis managed service clients should already meet or exceed most of these requirements.)
- Risk Assessment
- Create an action plan for remediation to achieve compliance
- Provide on-going assistance in maintaining compliance
- Establish network security, policies and procedures