WISP

June 4, 2025


What is a WISP?

A Written Information Security Plan (WISP) is a document that outlines your company’s policies, procedures, and solution controls for protecting sensitive information. Basically, the WISP is a roadmap for how your business manages data security and protects confidential data within your systems.
NOTE: WISPs are often required by several regulatory bodies. Do you know if your business is required to have one? You may want to consider a cyber risk assessment to determine your risks and needs.
Documents like these help your business organize proactive plans for when (not if) a cyber incident occurs, and how best to handle it. Business partners, regulators and insurers may want to know whether you have created one and, in some cases, have it offered for review. It demonstrates a strong culture of cybersecurity.

What Does A WISP Include?

Typically, a WISP includes the following items:
  • Internet Acceptable Use Policy
  • Remote Access Policy
  • Password Management Policy
  • Password Complexity Rules
  • Multifactor Authentication Policy
  • Security Awareness Training Policy
  • Resource and Data Recovery Policy
  • Hardware Decommissioning Policy
  • Information Security Policy
  • Physical Security Policy
  • Employee Computer Setup & Configuration Policy
  • Company Email Policy
  • Work Computer Usage
  • Software Usage
  • Patch Management Policy
  • Asset Management Policy
  • Data Backup Policy
  • Data Encryption Policy
  • Mobile Device Security Policy
  • Data Classification Policy
  • Data Destruction Methodology
  • Information and Asset Handling Policy

So, What’s An Incident Response Plan?

An Incident Response Plan (IRP) provides a framework by which an Incident Response Team (something your business should organize) can determine the scope and risk of an incident along with the appropriate response. This too is useful to your team, the people you do business with and those you rely on to manage risk.

Specific areas of an IRP include: incident definition, incident declaration criteria, high-level incident criteria, medium-level incident criteria, low-level incident criteria, evidence preservation, IT snapshot summary, detection & analysis, containment/eradication/recovery, post-incident activity, escalation, critical services list, plan activation criteria, responsibilities, key contacts, service owners, roles, and reporting template(s).

If you’d like help establishing yours, let’s schedule a quick discussion.