Read more about 201 CMR 17 from NENGroup expert Robert O’Keefe.
201CMR17.00 CHECKLIST

Business Practice and Policies

| | Currently Comply | Working on compliance | Need Technical/Legal Assistance to Comply | Deadline |
|---|---|---|---|---|
| Designate employee to create and maintain security | | | | |
| Write the Comprehensive Information Security Program | | | | |
| Identify what Personal Information (PI) exists and where it resides (paper and electronic) | | | | |
| Place reasonable restrictions on access to PI | | | | |
| Select third party service providers that are capable of protecting PI | | | | |
| Monitor and update security measures | | | | |
| Document Incident Response plan | | | | |
| Educate and Train Employees about protecting PI | | | | |

Computer System Requirements

| | Currently Comply | Working on compliance | Need Technical/Legal Assistance to Comply | Deadline |
|---|---|---|---|---|
| Secure user authentication | | | | |
| Secure access control | | | | |
| Prevent terminated employees from accessing PI | | | | |
| Encryption of PI across email/Internet | | | | |
| Monitor systems for unauthorized access | | | | |
| Encryption of laptops and portable devices | | | | |
| Firewall protection | | | | |
| Operating System Security patches | | | | |
| System security agent (virus/malware) | | | | |
| Employee Training on computer security | | | | |
