Local IT Security Consulting Firm Moves Massachusetts Businesses Towards Data Protection Compliance
Massachusetts Regulation 201 CMR 17 Takes Effect March 1, 2010
| Quelle: Security Management Partners
WALTHAM, MA--(Marketwire - February 17, 2010) - Security
Management Partners (SMP), an information security professional
consulting firm based in Waltham, Mass., is helping organizations meet new
IT security standards adopted by the Massachusetts Office of Consumer
Affairs and Business Regulation that are effective March 1, 2010.
On this date, every business, non-profit and other non-government entity
that stores 'personal information' (PI) about a Massachusetts resident,
employee or customer is required to adhere to the administrative, physical
and technical requirements listed in MA 201 CMR 17. "It doesn't matter if
you employ 4,000 people or work alone, if you handle personal information
of a resident of the Commonwealth of Massachusetts you are required to
comply," said Peter Bamber, vice president of Information Security at SMP.
In September of 2008, Massachusetts was first in the nation to establish
minimum security standards for handling personal information. Massachusetts
defines "PI" as an individual's last name along with either their first
name or first initial, and in conjunction with any one of the following; a
driver's license number, state issued I.D. number, social security number,
account number, credit card or debit card number (with or without the PIN,
CCV or other access code required to use it).
"There are literally hundreds of businesses in industries ranging from
financial services to healthcare to large and small businesses that will
need to undergo significant annual reviews of their information security
procedures in order to ensure they are in compliance," said Bamber.
SMP, a privately-owned company that operates with a singular focus on IT
security, has successfully reached in- and out-of-state companies to help
them navigate their way through these new regulations which require:
complete training for individuals responsible for ongoing use and security
management of personal information; a comprehensive security program with a
set of written policies addressing how personal information is handled and
stored, and who can access it; access requirements for how user accounts,
password policies, and firewalls are created and enforced; provisions for
encrypting PI on laptops and other mobile devices; and annual risk
assessments and remediation recourse if gaps are found.
A breach of security that results in unauthorized acquisition or use of
unencrypted information can have lasting impact on a company's brand,
employees and customers, and requires breach notification to the
Massachusetts Office of Consumer Affairs and Business Regulation and
Massachusetts State Attorney General's Office. Bamber advises
organizations begin a serious effort now towards compliance AND a long term
strategic IT security plan. Specifically, SMP recommends activities such
as policy creation and risk assessments; system, firewall and network
testing to reduce the risk of financial and legal ramifications from the
violation of 201 CMR 17 requirements; the use of encryption on all email
and mobile media that contains PI; configuration of existing monitoring/logging tools for increased effectiveness and selection of new tools to aid
in compliance and a collaborative understanding of requirements of and by
third-party vendors that manage, store and process PI data.
Bamber concluded, "These activities will also serve to strengthen a
company's overall information security program."
For more information about SMP's 201 CMR 17 services, please contact
781-890-7671, extension 208.
About Security Management Partners: Since 2001, SMP has provided a
singular focus on services to identify, test and provide remediation advice
to eliminate external and internal information security risks and to help
companies adhere to today's evolving compliance rules. Security Management
Partners does not sell any hardware or software products ensuring 100%
neutrality in all of its assessments. SMP is a leader in incident
response, investigative, and forensic services, and has helped hundreds of
clients eliminate vulnerabilities that could have lead to an attack on an
organization's information assets and reputation. For more information,
please visit: www.smpone.com or call (781) 890-7671.