WISP

June 4, 2025


What is a WISP?

A Written Information Security Plan (WISP) is a document that outlines your company's policies, procedures, and technical controls for protecting sensitive information. Put simply, the WISP is the roadmap for how your business manages data security and protects confidential data within its systems.
NOTE: WISPs are required by several regulatory bodies (for example, the FTC Safeguards Rule for financial institutions, including tax preparers, and Massachusetts 201 CMR 17.00 for anyone holding personal information of Massachusetts residents). Do you know whether your business is required to have one? You may want to consider a cyber risk assessment to determine your risks and needs.
Documents like these help your business plan proactively for when (not if) a cyber incident occurs and how best to handle it. Business partners, regulators and insurers may ask whether you have one and, in some cases, ask to review it. Having one demonstrates a strong culture of cybersecurity.

What Does A WISP Include?

Typically, a WISP includes the following items:
  • Internet Acceptable Use Policy
  • Remote Access Policy
  • Password Management Policy
  • Password Complexity Rules
  • Multifactor Authentication Policy
  • Security Awareness Training Policy
  • Resource and Data Recovery Policy
  • Hardware Decommissioning Policy
  • Information Security Policy
  • Physical Security Policy
  • Employee Computer Setup & Configuration Policy
  • Company Email Policy
  • Work Computer Usage
  • Software Usage
  • Patch Management Policy
  • Asset Management Policy
  • Data Backup Policy
  • Data Encryption Policy
  • Mobile Device Security Policy
  • Data Classification Policy
  • Data Destruction Methodology
  • Information and Asset Handling Policy

So, What’s An Incident Response Plan?

An Incident Response Plan (IRP) provides a framework by which an Incident Response Team (something your business should organize) can determine the scope and risk of an incident along with the appropriate response. This too is useful to your team, the people you do business with, and those you rely on to manage risk.

Specific areas of an IRP include:
  • Incident definition
  • Incident declaration criteria
  • High-level incident criteria
  • Medium-level incident criteria
  • Low-level incident criteria
  • Evidence preservation
  • IT snapshot summary
  • Detection and analysis
  • Containment, eradication and recovery
  • Post-incident activity
  • Escalation
  • Critical services list
  • Plan activation criteria
  • Responsibilities
  • Key contacts
  • Service owners
  • Roles
  • Reporting template(s)

If you'd like help establishing yours, let's schedule a quick discussion.