Written Information Security Program (WISP)

Overview

A written information security program, or WISP, is the cornerstone of an information governance program. It can assist organizations in mitigating the risk of a cyberattack or the inadvertent disclosure of sensitive information and may also provide a legal defense for data breach-related claims. Pursuant to Ohio’s cybersecurity safe harbor law (2018 SB 220), implementing and maintaining a WISP can provide businesses with an affirmative defense against certain claims alleging that a failure to implement and maintain reasonable security standards resulted in a data breach.

An organization may also be required by data protection laws and regulations to execute a WISP to protect health and medical data, or other types of personally identifiable information.

Thompson Hine can assist your organization with drafting a comprehensive WISP that satisfies Ohio’s cybersecurity safe harbor law or other legal requirements.

WISP Framework

Legal Requirements	Biometric Data	Oversight and Management
Encryption	IT Risk Management	Asset Inventory
Personnel Security	Incident Management	Network Monitoring
Network Management	Trade Secrets	Firewalls
Safe Harbor Standards	Environmental Security	Password Policy
Remote Access	Acceptable Use	Business Continuity

Written Information Security Program (WISP)

WISP Framework

INSIGHT: Employee Health Benefits Need Re-Check During Coronavirus Outbreak

Force Majeure & Commercial Contracts

Families First Coronavirus Response Act: Next Steps for Employers

Webinar - Workforce Management Considerations in the COVID-19 Era

Communicating With Your Lenders Early and Often Is More Important Than Ever

FTC and DOJ Announce Changes to Civil Merger Review Process During COVID-19 Pandemic, Including Changes to HSR Early Termination Procedure

Email Disclaimer

Thompson Hine LLP Disclaimer