The Written Information Security Plan (WISP)
Enter the Written Information Security Plan (WISP), a powerful document that uplifts and empowers businesses to safeguard their most valuable asset—information.
With the WISP as their guiding compass, organizations embark on a journey of resilience and protection. This comprehensive plan outlines the strategies, protocols, and best practices that fortify the digital fortress, shielding sensitive data from the clutches of cyber threats.
As the WISP takes shape, it becomes a beacon of trust and confidence. It unifies employees, fostering a culture of security awareness and accountability, where every individual becomes an advocate for safeguarding information. With shared knowledge and a collective commitment, organizations soar to new heights, confident in their ability to thwart attacks and maintain data integrity.
The WISP breathes life into organizations, enabling them to meet regulatory compliance requirements with grace and ease. By aligning with industry standards and guidelines, businesses inspire trust in customers, partners, and stakeholders, forging unbreakable bonds and propelling growth.
Embrace the uplifting power of the WISP and embark on a transformative journey where information security becomes a source of strength and inspiration. Together, we can forge a future where organizations rise above the challenges, protecting what matters most and unleashing boundless opportunities for progress.
A written information security plan (WISP) is a document that outlines how a business or organization protects the personal information of its customers, clients, or employees from unauthorized access, use, or disclosure. A WISP is required by federal law for tax and accounting professionals under the Gramm-Leach-Bliley Act (GLBA) and the Safeguards Rule. A WISP should include the following elements:
- A designated employee or employees to coordinate the information security program
- An assessment of the risks to customer information in each relevant area of the business operation
- A description of the safeguards implemented to control the identified risks
- A process for monitoring and testing the effectiveness of the safeguards
- A selection of service providers that can maintain appropriate safeguards
- An evaluation and adjustment of the program considering relevant circumstances, such as changes in the business or operations, or the results of security testing and monitoring
A WISP should also be appropriate to the size, scope, complexity, and sensitivity of the customer data handled by the business or organization. A WISP should be written in a format that others can easily read, such as PDF or Word, and should be stored in a secure location, preferably offsite or in the cloud. A WISP should also be regularly reviewed and updated to reflect any changes in the business environment or security threats.
A WISP is not only a legal requirement but also a good business practice that can help protect your business and your clients from data breaches, identity theft, and fraud. A WISP can also help you prepare for and respond to any security incidents that may occur.