Written Information Security Program (WISP)
A written information security program, or WISP, is the cornerstone of an information governance program. It can assist organizations in mitigating the risk of a cyberattack or the inadvertent disclosure of sensitive information and may also provide a legal defense for data breach-related claims. Pursuant to Ohio’s cybersecurity safe harbor law (2018 SB 220), implementing and maintaining a WISP can provide businesses with an affirmative defense against certain claims alleging that a failure to implement and maintain reasonable security standards resulted in a data breach.
An organization may also be required by data protection laws and regulations to execute a WISP to protect health and medical data, or other types of personally identifiable information.
Thompson Hine can assist your organization with drafting a comprehensive WISP that satisfies Ohio’s cybersecurity safe harbor law or other legal requirements.
WISP Framework
Legal Requirements | Biometric Data | Oversight and Management |
Encryption | IT Risk Management | Asset Inventory |
Personnel Security | Incident Management | Network Monitoring |
Network Management | Trade Secrets | Firewalls |
Safe Harbor Standards | Environmental Security | Password Policy |
Remote Access | Acceptable Use | Business Continuity |
If your organization has suffered a data breach or incident, please contact us at any time (24/7), and a Thompson Hine cybersecurity attorney will respond to you as soon as possible.