As information security becomes a concern for your company, the first step towards mitigating risk within your organization is the development of the Written Information Security Policy (WISP). This policy is required for companies owned or operating in Massachusetts under the Data Security Regulation act, and at the Federal level all financial-based institutions are required to maintain a WISP under the Gramm-Leach-Bliley Act. For businesses that may not fall under a regulatory umbrella, development of a WISP is still integral to the safe growth of your company. Having this policy on hand goes far if the security of your company is ever compromised, as it illustrates the due diligence and care given to the safe management of your data. It improves accountability and the success of your employees, and guides your company down a determined roadmap for how your IT infrastructure should grow. In short, HIPAA, Financial, High Security, or none of the above, you need a WISP!
The S+ Process:
- We begin to develop your WISP through a full network assessment and development of your IT Runbook, through which we identify several technology benchmarks and objectives that have to be reached to achieve compliance with your regulations or desired policy.
- We then draft your Business Impact Analysis, and examine multiple factors surrounding your business to determine what level of security is required for your company, based on the types of data you manage. This is then compared against a Risk Analysis to contrast the various risk factors and the potential monetary risk you would face in the scenarios most likely to impact your business. These factors range from the obvious but unlikely (hackers trying to knock down your door) to the less obvious but most likely (hardware failures without disaster recovery in place, or a disgruntled employee who knows how to delete things, and who doesn't?). You should understand the risks associated with your business, and plan accordingly, without overspending or putting security policies in place that could disrupt your workflow.
- We identify the objectives, risks, policy objectives and mitigations, and package them together for you into a policy that will be implemented into your business practice:
WISP Based Training:
Already have a WISP? Or just got a fresh one from us? We will train your employees on proper compliance with this policy!