guides for compliance

The Essential Guide for 201CMR17 Compliance

Format: Printed edition or PDF download edition can be selected on each product page. The information in this guidebook, related storage media and accompanying materials is provided as a service to the business community in its efforts to comply with Massachusetts Regulation 201 CMR 17.00. These materials are tools to achieve compliance and need to be adapted to the particular circumstances of a particular business or individual handling “personal information” covered by this regulation.

Select from the following options according to your business size. You will be redirected to our secure store.

$495.95

$595.95

$795.95

$995.95


 


The Essential Guide for 201CMR17 Compliance

Format: Available in printed or PDF (download) edition. Same-day shipping.


The Essential Guide for Developing an Information Security Program provides a framework for easily and cost-effectively developing an information security program to your exacting requirements. Whether it’s for regulatory compliance or implementing best business practices, the Guidebook and its accompanying materials enable an end user to quickly construct a business-specific information security program (ISP) by inserting only the applicable policies, procedures and other documents into the ISP framework and then modifying them to fit the business's circumstances.

The Guidebook provides step-by-step instructions on how to build your ISP, along with:

  • All the requisite sample policies, procedures and other supporting documents needed to create your information security program (ISP)
  • A sample questionnaire to help you gather the specifics about your business sensitive, consumer and personal information and the ability of your current computing infrastructure to protect such information
  • A risk-based analysis process for assessing foreseeable internal and external risks to the security, confidentiality, and/or integrity of electronic and paper records that contain business sensitive, consumer, and/or personal information
  • Reasonable actions for implementing your ISP policies and procedures
  • Resources that support implementation of your ISP
  • Links to websites to learn how to write policies and procedures
  • Links to expert websites to learn more about the imperatives for safeguarding consumer and personal information
  • Guidance for implementing best practices

The Essential Guide for 201CMR17 Compliance

What's Included

The Essential Guide for 201 CMR 17.00 Compliance is the first in a series of Guidebooks to help businesses easily and cost-effectively develop an information security program that fits their circumstances.

This Guidebook and the accompanying materials set forth an 18-step process for developing a business's comprehensive written information security program (WISP) that is consistent with the requirements of Massachusetts Regulation 201 CMR 17.00 for preventing unauthorized access to or unauthorized use of the personal information (PI) about the residents of the Commonwealth. There are also links to expert websites for you to learn more about the importance of:

  • Policies and procedures
  • Protecting consumer and personal information from identity theft and fraud

The end user follows the homework, best practices, resources, instructions and reasonable actions for compliance in the Guidebook and modifies a Microsoft Word template, titled Your WISP, to create a written information security program (WISP) that meets or exceeds the requirements of the regulations. The Your WISP template includes:

  • Populated list of duties and responsibilities for the designated employee(s) who have been assigned to maintain your written information security program
  • Populated sample job description for an Information Security Coordinator (ISC) for maintaining your written information security program
  • Series of “questionnaire templates” that are designed to facilitate the gathering of specifics about the personal information contained in your paper and electronic records, and the security of the current computing infrastructure to safeguard those records
  • Series of 16 tables to guide you through the process of performing a risk-based analysis of your current information security program’s ability to meet the requirements of 201CMR17. There are also 16 accompanying tables for you to enter a “yes” or “no” response for actions planned for improving the effectiveness of your current information security program (ISP) to be more consistent with the regulation
  • Over 20 sample documents that can be easily modified to fit your circumstances:
      • 10 sample policies
      • 8 sample procedures
      • 3 sample forms