Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

Business Tools

April 1, 2024 |

Written Information Security Program Template

All businesses, including MSPs themselves, should have a WISP.

To view/download this resource, please complete the following:

A Written Information Security Program (WISP) is a crucial component for any organization that handles sensitive data. All businesses, including MSPs themselves, should have a WISP. By working on a WISP collaboratively with your client, you can educate them on the dangers of inaction and the importance of an ongoing financial commitment to security measures. 

This template is a general guide and starting point. It should be heavily customized to meet the business’ individual needs.*  

Written Information Security Program

Effective Date: [Date]

Introduction

This Written Information Security Program (“WISP”) is established by [Company Name] to protect the security, confidentiality, integrity, and availability of Personally Identifiable Information (PII) and other sensitive data it collects, stores, transmits, and processes. This document outlines the administrative, technical, and physical safeguards implemented to ensure data protection in compliance with applicable laws and industry standards.

Scope

This WISP applies to all employees, contractors, and third-party service providers of [Company Name] who have access to PII and other sensitive information within the organization’s network and physical premises.

This document encompasses all systems, automated and manual, for which the organization has administrative responsibility, including systems managed or hosted by third parties on the organization’s behalf.

Roles and Responsibilities

Specify what each group/person is responsible for:

  • Executive Management
  • Information Security Officer (ISO)
  • IT Management
  • Employees
  • Contractors

Risk Assessment and Management 

[Company Name] conducts regular risk assessments to identify, evaluate, and manage risks to its information assets. This section details the risk assessment methodology and frequency. 

Security Measures 

[Elaborate upon each of these bulletpoints:]

  • Access Control: Measures to ensure that access to sensitive information is appropriately controlled.
  • Data Encryption: Standards for encrypting data at rest and in transit.
  • Systems Security: Systems include but are not limited to servers, platforms, networks, communications, databases and software applications. Account for testing, maintenance, and decommissioning in accordance with the lifecycle of the hardware or software.
  • Physical Security: Safeguards to protect physical locations and assets.
  • Incident Response Plan: Procedures for responding to security breaches or incidents.
  • Employee Training: Requirements for ongoing education on information security and privacy.

Third-Party Service Providers

List requirements and standards for third-party service providers handling [Company Name]’s sensitive information, including compliance with this WISP.

Incident Response and Notification

List procedures for identifying, responding to, and recovering from security incidents, including notification processes for affected individuals and authorities.

Monitoring and Review

[Company Name] will regularly monitor compliance with this WISP and review the program annually or in response to significant changes in the business or threat landscape.

Acknowledgment

This policy shall take effect upon publication. Employees, contractors, and third parties must acknowledge they have read and understood the WISP and agree to comply with its provisions. Non-compliance may result in disciplinary action, including termination of employment, as well as legal action.

Contact Information

Submit all inquiries and requests for future enhancements to: [contact information]

Amendments & Revision History

This WISP may be amended or revised by [Company Name] at any time to improve security practices or comply with new regulations.

This document shall be subject to periodic review to ensure relevancy.

Date   Description of Change   Reviewer 
     

 Click to download the Word Doc version.

*The ChannelPro Network, its parent company, or subsidiaries are not liable for any claim, damage, or loss of any kind caused by the use or misuse of this template.


 

Related Business Tools, Resources

Growing the MSP

Editor’s Choice


Explore ChannelPro

Events

Reach Our Audience