Written Information Security Policy (WISP) Template

Copyright 2009 ComplianceHelp.Net: This material is copyright protected and cannot be copied or used except as authorized in the attached license. Please see the attached license. Warning: The unauthorized reproduction or distribution of this copyrighted work is illegal. Criminal copyright infringement, including infringement without monetary gain, is investigated by the FBI and is punishable by up to 5 years in federal prison and a fine of $250,000.

Instructions: Answer the 8 questions and the WISP will be automatically generated on the following pages. Then simply review, print out, and sign the WISP.

1. What is your company name? [Your Company Name]
2. What is your address (without ZIP)? [Your Company Address Here]
3. Who will be in charge of your Information Security Policy? 201 CMR 17 requires that you designate one person to be in charge of security. [Security Coordinator's Name]
4. Please list locations where you might store Personal Information. Please use a comma-separated list like the example. [ Filing cabinets, servers, and desktop PCs ]
5. How frequently does your IT administrator audit server logs for evidence of breaches? (in days) Every 30 days
6. How frequently does your IT administrator install operating system security patches? Every 30 days.
7. What type of firewall do you use? Example: SonicWall, Juniper, or Cisco. [Firewall brand here]
8. What Antivirus software do you use? Example: Symantec Endpoint Security [Antivirus brand here]

Note: If you would like to further edit the WISP, go to View -> Toolbars and check off the Forms toolbar. Then, click once on the lock icon that appears in the new toolbar.
If you are using an older version of Microsoft Office, you may need to manually fill out the template with your information instead of using this form.

Written Information Security Program

7/26/2018

Prepared by: [Security Coordinator's Name]

SENSITIVE INFORMATION NOTICE: THIS PLAN CONTAINS SENSITIVE AND PROPRIETARY INFORMATION ABOUT [Your Company Name]'S BUSINESS PROCESSES, CLIENTS, AND SECURITY PROCEDURES. ACCESS TO THIS PLAN WILL BE RESTRICTED TO [Your Company Name] EMPLOYEES ONLY.

Objective

In order to protect our clients' privacy and personal information, we at [Your Company Name] have developed this Written Information Security Program. This is a comprehensive set of guidelines and policies we have implemented in compliance with Massachusetts General Laws 201 CMR 17 Standards for The Protection of Personal Information of Residents of the Commonwealth, as well as other federal, state and international regulations and standards. This plan is reviewed periodically and amended as necessary to protect personal information.

Designated Employees to Maintain Security Plan (201 CMR 17.03(a))

At [Your Company Name], we have appointed [Security Coordinator's Name] to be the designated employee in charge of maintaining, updating, and implementing our Information Security Program.

Internal and External Risk Assessment (201 CMR 17.03(b))

In order to assess any risks of access to personal information, we have evaluated where that information may be present. [Your Company Name] may keep information or other sensitive information on our [ Filing cabinets, servers, and desktop PCs ] which are password protected and locked. Our internal computers are protected behind a firewall.
[Your Company Name] employees may from time to time need access to personal information. In order to ensure that none of this information is vulnerable to a breach, we have implemented the following policies:

Employee Training (201 CMR 17.03(b)(i))

All employees are responsible for maintaining the privacy and integrity of personal information. Any paper record containing personal information about any client or third party must be kept behind lock and key when not in use. Any computer file containing personal information will be kept password-protected. No personal information is to be disclosed without first fully authenticating the receiving party. When disposing of paper records containing personal information, a cross-cut shredder or outside shredding service will be used. Similar appropriate electronic methods will be used for disposing of electronic media. [Security Coordinator's Name] trains all new employees on this policy, and there are also periodic reviews for existing employees.

Employee Compliance (201 CMR 17.03(b)(ii))

Any employee who discloses personal information or fails to comply with these policies will face immediate disciplinary action including the possibility of termination.

Detecting and Preventing Security System Failures (201 CMR 17.03(b)(iii))

[Your Company Name] will provide regular network security audits in which all server and computer system logs are evaluated for any possible electronic security breach. These audits will be performed every 30 days. Additionally, all employees are trained to watch for any possible physical security breach, such as unauthorized personnel accessing file cabinets or computer systems.
Keeping, Accessing and Transporting Personal Information (201 CMR 17.03(c))

As mentioned above, [Your Company Name] will take all possible measures to ensure that employees are trained to keep all paper and electronic records containing personal information securely on-premises at all times. When there is a need to bring records containing personal information off-site, only the minimum information necessary will be brought; electronic records will be password-protected and encrypted, and paper records will be kept behind lock and key. Records brought off-site should be returned to the [Your Company Name] office as soon as possible. Under no circumstances are documents, electronic devices, or digital media to be left unattended in an employee's car, home, or in any other potentially insecure location.

Disciplinary Measures (201 CMR 17.03(d))

Any employee who willfully discloses personal information or fails to comply with these policies will face immediate disciplinary action including the possibility of termination.

Prevention of Terminated Employees from Accessing Information (201 CMR 17.03(e))

Any terminated employee's computer access passwords will be disabled before the employee is terminated. Physical access to any documents or resources containing personal information will also be immediately discontinued.

Third-Party Service Providers (201 CMR 17.03(f))

Access to personal information by third-party service providers will be kept to a bare minimum. Any third-party service provider who does require access to information will be fully vetted.

Limiting Information Collected (201 CMR 17.03(g))

[Your Company Name] is committed to collecting only the minimum of personal information necessary to accomplish our purposes; old information is also disposed of securely after 7 years or after whatever period is required by federal and state data retention requirements.
Identifying Where Personal Information is Stored (201 CMR 17.03(h))

We have identified the locations where personal information is stored on our network. Personal information is stored in the following: [ Filing cabinets, servers, and desktop PCs ].

Physical Access Restrictions (201 CMR 17.03(i))

[Your Company Name] offices and computer network are kept locked; third parties are not allowed physical access to records. Paper files that are not currently in use are kept locked in filing cabinets. In addition, electronic records are kept in databases and on servers which are behind multiple layers of electronic safeguards.

Monitoring and Upgrading Information Safeguards (201 CMR 17.03(j))

[Your Company Name]'s appointed information security coordinator, [Security Coordinator's Name], will continually monitor and annually assess all of our information safeguards to determine when upgrades may be necessary.

Annual Review (201 CMR 17.03(k))

[Your Company Name]'s appointed information security coordinator will also perform an annual review of our information security plan.

Documenting and Reviewing Breaches (201 CMR 17.03(l))

[Your Company Name]'s information security coordinator will thoroughly document and review any breach that may occur. Records of this will be kept on file with our Written Information Security Plan.

Computer System Requirements (201 CMR 17.04)

To combat external risks to the security of our network and all data, we have implemented the following policies:

a. Secure user authentication protocols: (201 CMR 17.04(1)(i, ii, iii, iv, v))
Unique strong passwords are required for all user accounts; all employees receive their own user accounts.
Passwords are changed on a regular basis.
Accounts are locked after 3 successive failed password attempts.
Any terminated employee's computer access passwords will be disabled before the employee is terminated.

b. Secure access control measures: (201 CMR 17.04(2)(i, ii))
Only employees who need access to personal information are given access to the proper folders.
Each person has a unique password to the computer network. These passwords are not assigned by any vendor.

c. Encryption on Public Networks (201 CMR 17.04(3))
We do not transmit unencrypted Personal Information across public networks under any circumstances.

d. Reasonable monitoring (201 CMR 17.04(4))
[Your Company Name] performs a network security log audit every 30 days in order to detect any possible breaches.

Laptops and Portable Devices (201 CMR 17.04(5))
Any laptop or portable device which has personal information stored on it will be kept encrypted using a whole-disk or whole-device encryption solution at all times.

Security Updates and Patches: (201 CMR 17.04(6))
We use the [Firewall brand here] business class firewall and it is regularly monitored. Operating system patches and security updates are installed every 30 days to all of our servers.

Antivirus and Updates (201 CMR 17.04(7))
We use the [Antivirus brand here] Antivirus software and it is kept updated on all servers and workstations. Virus definition updates are installed on a regular basis, and the entire system is tested and checked at least once per month.

Education and training of employees on the proper use of the computer security system and the importance of personal information security. (201 CMR 17.04(8))
All employees are responsible for maintaining the privacy and integrity of personal information.
All employees have been trained that any paper record containing personal information about any client or third party must be kept behind lock and key when not in use. Any computer file containing personal information will be kept password-protected. [Security Coordinator's Name] trains all new employees on this policy, and there are also periodic reviews for existing employees.

XV. Effective Date (201 CMR 17.05)

Reviewed by _________________ on the date: ____________

Employees, by signing below, you assert that you have read this Plan and will comply with its requirements:

Name    Date
Name    Date
Name    Date