Example Written Information Security Program (WISP)

We currently offer three (3) different versions of the Written Information Security Program (WISP):

  • Option 1: ISO 27002:2013
  • Option 2: NIST 800-53 Revision 4
  • Option 3: NIST Cybersecurity Framework (CSF)

We put together a helpful guide under our Frequently Asked Questions (FAQ) section about the difference between NIST and ISO as a way to help customers identify the best solution for their needs.

 

OPTION 1 - ISO 27002 Version: Example Written Information Security Program (WISP) based on ISO 27002:2013 

 

Your ISO-based Written Information Security Program (WISP) will be in Microsoft Word format, so you can edit it as necessary to meet your own specific needs. This allows you to edit sections or even delete controls that you may not need to cover. 

 

Click on the image below to open a PDF document that shows you what the example Written Information Security Program (WISP) contains and how it is written. 


 

ISO 27002-Based Written Information Security Program (WISP) Highlights

  • Easy to implement & tailored to your company
  • Policies are based on the ISO 27002:2013 framework 
  • Dozens of policies and standards specifically tailored for small to medium businesses
  • Lots of helpful examples of additional documentation you need:
    • Data classification
    • Acceptable use
    • Incident Response Plan (IRP)
    • Information Security Officer (ISO) appointment orders
    • User acknowledgement template
  • Covers PCI DSS v3 requirements 

 

OPTION 2 - NIST 800-53 Version: Written Information Security Program (WISP) based on NIST 800-53 Revision 4

Your NIST-based Written Information Security Program (WISP) will be in Microsoft Word format, so you can edit it as necessary to meet your own specific needs. This allows you to edit sections or even delete controls that you may not need to cover. 

Click on the image below to open a PDF document that shows you what the example Written Information Security Program (WISP) contains and how it is written. 


 

NIST 800-53 rev4-Based Written Information Security Program (WISP) Highlights

  • Easy to implement & tailored to your company
  • Policies are based on NIST 800-53 rev 4 framework 
  • Dozens of policies and standards specifically tailored for small to medium businesses
  • Lots of helpful examples of additional documentation you need:
    • Data classification
    • Acceptable use
    • Incident Response Plan (IRP)
    • Information Security Officer (ISO) appointment orders
    • User acknowledgement template
  • Covers what you need:
    • PCI DSS
    • Federal Laws
      • GLBA
      • FACTA
      • HIPAA / HITECH
      • SOX
    • State Laws
      • MA 201 CMR 17
      • OR Identity Theft Consumer Protection Act
      • NV SB 227
      • CA SB1386
      • MN Plastic Card Security Act
      • WA HB1149

 

OPTION 3 - NIST CSF Version: Example Written Information Security Program (WISP) based on the NIST Cybersecurity Framework

Your NIST Cybersecurity Framework-based Written Information Security Program (WISP) will be in Microsoft Word format, so you can edit it as necessary to meet your own specific needs. This allows you to edit sections or even delete controls that you may not need to cover. 

Click on the image below to open a PDF document that shows you what the example Written Information Security Program (WISP) contains and how it is written. 

