The recent federal “Red Flag Act,” signed into law in December 2010, and the Massachusetts Privacy Law (Mass. General Law Ch. 93) are a wake-up call for businesses nationally. Businesses are now required by law to develop a Written Information Security Program (WISP). The purpose of this legislation is to require companies to maintain a documented plan of action to protect against data breaches and also to have a plan of action after a breach has occurred. Strict regulations are in place, and failure to comply will result in expensive fines. WISP plans must include administrative, technical and physical safeguards that are designed to meet the requirements of the regulations. The plan must reflect a risk-based approach that is appropriate to the size, scope and type of business handling the information; the amount of resources available to the business; the amount of stored data; and the need for security and confidentiality of both consumer and employee information.
Cyber Security Auditors & Administrators LLC specializes in creating WISP plans that include the essential, required content that meets the standards of state and city compliance guidelines. WISP plans are not “one-size-fits-all,” which is why we will strategize with you and build the most comprehensive program that best reflects your company and its needs. Our mission is to make sure every company is compliant with federal guidelines. We have the experience and professional background to help your business succeed and appease the regulators.