BAS Blog

Creating and Maintaining a Written Information Security Plan (WISP) for Data Safety

Written by BAS | May 23, 2024 4:33:21 PM

With the rise of data security incidents, businesses are encouraged to maintain a Written Information Security Plan (WISP). A WISP protects businesses and clients, offering a structured response framework for security breaches and other disruptions like natural disasters or theft. 

A well-designed WISP should be tailored to a company's size, its activities, and the sensitivity of customer data, focusing on three key areas: employee management and training, information systems, and identifying and managing system failures. It's also important to understand post-breach responsibilities when building a WISP.

Key Elements of a WISP:

  • Employee Management & Training
  • Information Systems
  • Detecting & Managing Failures

Requirements for a WISP:

  • Assign one or more employees to manage the security program.
  • Identify and assess risks to customer information and evaluate the efficacy of current safeguards.
  • Create, monitor, and update a safeguards program.
  • Choose service providers capable of implementing robust security measures.
  • Update the plan periodically, reflecting changes in business operations.

Tips for Maintaining a WISP:

  • Store the WISP in an accessible format (PDF/Word) and provide training to employees.
  • Regularly review and update the plan as business circumstances change.
  • Develop a data theft response plan and consult the FTC's Data Breach Response Guide for more guidance.

The IRS has also provided a plain language WISP sample for guidance, available on IRS.gov.

Benefit Allocation Systems (BAS) provides best-in-class, online solutions for: Employee Benefits Enrollment; COBRA; Flexible Spending Accounts (FSAs); Health Reimbursement Accounts (HRAs); Leave of Absence Premium Billing (LOA); Affordable Care Act Record Keeping, Compliance & IRS Reporting (ACA); Group Insurance Premium Billing; Property & Casualty Premium Billing; and Payroll Integration.

MyEnroll360 can integrate with any insurance carrier for enrollment eligibility management (e.g., Blue Cross, Blue Shield, Aetna, United Health Care, Kaiser, CIGNA and many others), and integrate with any payroll system for enrollment deduction management (e.g., Workday, ADP, Paylocity, PayCor, UKG, and many others).