Comprehensive Written Information Security Program

The iso version of the written information security program wisp is a comprehensive set of it security policies and standards that is based on theiso 27002 2013 framework and it can help your organization become iso 27002 compliant.

Comprehensive written information security program.

Sans has developed a set of information security policy templates. This iso based wisp is a comprehensive customizable easily implemented microsoft word document that contains the iso 27002 based policies control objectives. Our objective in the development and implementation of this comprehensive written information security plan plan is to create effective administrative technical and physical safeguards for the protection of personal information of residents of the commonwealth of massachusetts and to comply with our obligations under201 cmr 17 00. Written information security program wisp the objectives of this comprehensive written information security program wisp include defining documenting and supporting the implementation and maintenance of the administrative technical and physical safeguards company has selected to protect the personal information.

A comprehensive written information security program includes administrative technical and physical safeguards appropriate to the credit union s size and complexity and the nature and scope of its activities. The board or designated board committee should approve the institution s written information security. A wisp or written information security program is the document by which an entity spells out the administrative technical and physical safeguards by which it protects the privacy of the personally identifiable information it stores. The development of a written information security program for a small business or individual that handles personal information each item presented in question form highlights a feature of 201 cmr 17 00 that will require proactive attention in order for a plan to be compliant.

Comprehensive information security program table of content 1 introduction 1 1 ul lafayette information security strategy purpose 1 2 iso 27002 security standards background 1 3 the control triad preventive detective and corrective 1 4 selection of controls 1 5 layering of controls defense in depth. These are free to use and fully customizable to your company s it security practices. The comprehensive written information security program wisp. Every person that owns or licenses personal information about a resident of the commonwealth shall develop implement and maintain a comprehensive information security program that is written.