MA State Identity Theft Law (201 CMR 17.00)

Required Written Information Security Program

Any business that processes or stores personal information of Massachusetts employees, consumers or other residents needs to establish a comprehensive written information security program (WISP). Save thousands of dollars by using our comprehensive library of pre-written information security policies that cover each security requirement of 201 CMR 17.00.

Key Security Policy Requirements

MA State Law 201 CMR 17.00 (“Identity Theft Law”) contains a number of specific provisions required in the written information security program. These must all be documented in written policies that are read and understood by all employees.

Information Shield publications address each of the core requirements of the law including: (a) Assigned Security Responsibility (b) Risk Assessment (c) Developing security policies for employees (d) Disciplinary measures for violations (e) Employee termination procedures (f) Service Provider Oversight (g) Physical Security Controls (h) Monitoring (i) Annual Security Program Review (j) Incident Response

Develop Security Policies Quickly

Information Security Policies Made Easy - Version 13Information Security Policies Made Easy by security policy expert Charles Cresson Wood, CISA, CISSP includes over 1500 pre-written information security policies and expert advice covering all security requirements of 201 CMR 17.0. Used by over 9000 organizations in 60 countries.
» Learn More » Request a Sample

Keep Policies Up to Date

PolicyShield Security Policy SubscriptionThe PolicyShield Information Security Policy Subscription contains over 1700 pre-written policies with regular updates based on the latest threats, technologies and regulatory changes. Let our experts monitor the latest trends and write the policies you need when you need them.
» Learn More » Request a Sample


Document Information Security Roles

Information Security Roles and Responsibilities Made EasyInformation Security Roles and Responsibilities Made Easy provides expert guidance and templates for building an effective security organization. According to MA State Law, security roles and responsibilities must be defined and documented. Save your organization hundreds of hours of effort in developing and documenting your security organization.
» Learn More  » Request a Sample