Written Information Security Program (WISP)
A written information security program, or WISP, is the cornerstone of an information governance program. It can assist organizations in mitigating the risk of a cyberattack or the inadvertent disclosure of sensitive information and may also provide a legal defense for data breach-related claims. Pursuant to Ohio’s cybersecurity safe harbor law (2018 SB 220), implementing and maintaining a WISP can provide businesses with an affirmative defense against certain claims alleging that a failure to implement and maintain reasonable security standards resulted in a data breach.
An organization may also be required by data protection laws and regulations to execute a WISP to protect health and medical data, or other types of personally identifiable information.
Thompson Hine can assist your organization with drafting a comprehensive WISP that satisfies Ohio’s cybersecurity safe harbor law or other legal requirements.
|Legal Requirements||Biometric Data||Oversight and Management|
|Encryption||IT Risk Management||Asset Inventory|
|Personnel Security||Incident Management||Network Monitoring|
|Network Management||Trade Secrets||Firewalls|
|Safe Harbor Standards||Environmental Security||Password Policy|
|Remote Access||Acceptable Use||Business Continuity|