Written Information Security Program (WISP)

Overview

A written information security program, or WISP, is the cornerstone of an information governance program. It can assist organizations in mitigating the risk of a cyberattack or the inadvertent disclosure of sensitive information and may also provide a legal defense for data breach-related claims. Pursuant to Ohio’s cybersecurity safe harbor law (2018 SB 220), implementing and maintaining a WISP can provide businesses with an affirmative defense against certain claims alleging that a failure to implement and maintain reasonable security standards resulted in a data breach.

An organization may also be required by data protection laws and regulations to execute a WISP to protect health and medical data, or other types of personally identifiable information.

Thompson Hine can assist your organization with drafting a comprehensive WISP that satisfies Ohio’s cybersecurity safe harbor law or other legal requirements.

WISP Framework

Legal Requirements	Biometric Data	Oversight and Management
Encryption	IT Risk Management	Asset Inventory
Personnel Security	Incident Management	Network Monitoring
Network Management	Trade Secrets	Firewalls
Safe Harbor Standards	Environmental Security	Password Policy
Remote Access	Acceptable Use	Business Continuity

Written Information Security Program (WISP)

WISP Framework

Thompson Hine Again Receives Top Marks in 2020 Corporate Equality Index

Change Of Heart: How Attorneys Can Get Buy-In For Big Ideas

Celebrating Black History Month: An Evening with Xernona Clayton, American Civil Rights Leader

U.S. and Global Trademark & Brand Protection Seminar

U.S. Alleges Huawei Involved in Long-Running Scheme to Steal Trade Secrets

Chemical Industry Regulatory Update – February 2020

Email Disclaimer

Thompson Hine LLP Disclaimer