What is a WISP?
A Written Information Security Policy, or WISP, details policies and procedures for protecting your company’s confidential data, assessing how it’s being protected, and identifying who is ensuring it’s protected. A WISP proactively plans for the “what ifs” and is fundamental to your organization’s security. Administrative, technical, and physical safeguards are defined in a WISP to protect personally identifiable information (PII) and sensitive company information. PII includes identifiers such as full name, Social Security number, driver’s license and bank account numbers, and email addresses. A WISP also ensures that you’re complying with regulatory standards and can help provide defense against liability in the event of a data breach.
Administrative Safeguards
Administrative safeguards can include:
- Definitions of confidential data, how it’s protected, and where it’s located.
- Roles and responsibilities for responding to a data breach, and internal and external communication procedures for responding to incidents.
- Contingency planning.
- Employee termination protocol.
- Employee security training guidelines and goals.
- BYOD policies.
Technical Safeguards
Technical safeguards can include:
- Monitoring who has access to confidential data and ensuring only the necessary people are able to access it.
- Use policies for electronic communications, media, internet, and mobile devices.
- Data disposal guidelines.
- System activity and access review.
- Encryption.
Physical Safeguards
Physical safeguards can include:
- Facility access controls to prevent unauthorized access to sensitive information through visitor restrictions, physical office security, and clean desk policies.
- Isolation of networks containing or storing sensitive data.
- Anti-virus and anti-malware protection.
- Vulnerability scans.
- Risk assessments.
- Firewalls.
- Log files.
Ready to Create your WISP?
As we mentioned, a WISP is a critical component of your business security plan. Cyber threats evolve at a rapid pace, so your WISP should be reviewed frequently for efficacy. Protecting your business is everyone’s responsibility, so a WISP should also be a major component of your employee onboarding and training programs. Our vCIO Program includes security policy creation and an employee security training platform, among many other things, to get you started and keep you safe.