WISP

A Written Information Security Program (WISP) is a document that outlines an organization's security policies and controls. It's a key component of an organization's information governance program and is used to protect the security, confidentiality, and integrity of an organization's data. 

A WISP can help an organization:

• Mitigate the risk of a cyberattack or data breach 

• Provide a legal defense against data breach claims 

• Comply with federal standards 

• Protect sensitive information, such as personally identifiable information (PII) 

A WISP typically includes:

• Procedures for evaluating how an organization accesses, stores, and protects personal information 

• A plan for identifying and responding to security incidents, data loss, or theft 

• An employee training program to educate employees on how to protect sensitive data 

• A plan for destroying confidential data when it's no longer needed