Technology

Create an Effective Information Security Program: Start with a WISP

All SEC-Registered funds are required to have an information security program in place, but where does one start when creating the various policies and procedures a fund may need? A Written Information Security Program, known as a WISP, is the best place to start. A WISP document is a comprehensive written plan that outlines an organization’s approach to information security. It serves as a blueprint or roadmap for managing and protecting sensitive information within an organization. After you determine what areas you need to secure, the next step is to plan the how. What a WISP doesn’t lay out is the HOW, that needs to be defined in separate policy and procedure documents thereafter. More on that later.

Your WISP should be your foundation to define how the organization is going to secure sensitive and confidential information. There are many areas that fund may be required to create policies and procedures for, but the most common include access control, data encryption, and vendor management for example.

The cybersecurity experts at Richey May have created a WISP template funds can reference to begin creating a WISP in accordance with industry standards and best practices.

Please note that you will need to allow pop-ups in order for the download to open after filling out the below form.