In part one, we talked about whether you need a Written Information Security Plan or WISP and the importance of the March 1, 2012, deadline for vendor compliance. Now, we discuss what exactly is in a WISP?
Generally speaking, it is supposed to cover the development, implementation, maintenance and monitoring of the collection and use of personal information. It is a written policy that designates a person in charge, places safeguards in place to prevent data breaches and outlines a procedure if one happens.
Fortunately, the law says the level of detail of your WISP depends on the amount of personal information you maintain. You, very likely, don’t have to follow the same WISP as Raytheon.
Specifically, a WISP should...
Please see full article below for more information.
Please see full publication below for more information.