Overview

A written information security program, or WISP, is the cornerstone of an information governance program. It can assist organizations in mitigating the risk of a cyberattack or the inadvertent disclosure of sensitive information and may also provide a legal defense for data breach-related claims. Pursuant to Ohio’s cybersecurity safe harbor law (2018 SB 220), implementing and maintaining a WISP can provide businesses with an affirmative defense against certain claims alleging that a failure to implement and maintain reasonable security standards resulted in a data breach.

An organization may also be required by data protection laws and regulations to execute a WISP to protect health and medical data, or other types of personally identifiable information.

Thompson Hine can assist your organization with drafting a comprehensive WISP that satisfies Ohio’s cybersecurity safe harbor law or other legal requirements.

WISP Framework
Legal Requirements
Biometric Data
Oversight and Management
Encryption
IT Risk Management
Asset Inventory
Personnel Security
Incident Management
Network Monitoring
Network Management
Trade Secrets
Firewalls
Safe Harbor Standards
Environmental Security
Password Policy
Remote Access
Acceptable Use
Business Continuity