Written Information Security Plan (WISP) Service & Audits
May 11, 2018 Published by Rajesh Goel
Why you need to consider a WISP
The Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) has listed cybersecurity as a key focus area in its 2015 risk-based assessments.
The addition of cybersecurity as a 2015 OCIE priority comes on the heels of the April 2014 release of sample cybersecurity questions OCIE stated it may use in conducting examinations of registered entities regarding cybersecurity matters. On February 3, 2015, OCIE then released summary findings from its Cybersecurity Examination Sweep. Brainlink’s team is assisting clients in creating Written Information Security Policies (WISP) and conducting WISP Audits of existing policies.
Any person or company that has access to client or employee information needs to ensure it implements the appropriate level of administrative and technical safeguards. Additionally, anyone or anything with access to your confidential information needs to have preventative measures in place for protecting confidential data.
What is a WISP
A Brainlink-created Written Information Security Policy (WISP) details the policies and procedures for ensuring confidential data is protected, how it's being protected and who is ensuring it's protected.
It includes Administrative and Technical Safeguards.
Administrative Safeguards:
- Defines confidential data
- How confidential data is protected
- Where confidential data is located (e.g., shared drive, externally hosted, hard copy format, etc.)
- Who has access to confidential data and whether they have a business need
- Roles and responsibilities for responding to a data breach or cyber security incident
- Internal and external communication procedures for responding to an incident
- Employee responsibilities and training
Technical Safeguards:
- Assessment of technical safeguards (e.g., penetration testing, encryption, software patches, etc.)
- Evaluation of technical safeguards (i.e., Brainlink’s Security Benchmark Report)
- If needed, implementation of additional technical safeguards
Reach out to Brainlink at (917) 685-7731 or email@example.com today to schedule your security assessment.