Posted by Kevin Low on Tue, Jan 20, 2009 @ 02:21 PM
I have been handling a lot of inquiries on the latest IT compliance standard to hit small businesses. This standard is targeted at businesses which 'store personal information about a resident of the commonwealth'. The 201 CMR 17.00 Standards for the Protection of Personal Information of Residents of the Commonwealth address many IT topics.
Protecting the Network
7 Key IT components of the Mass. 201 CMR compliance:
1. Businesses need a regular monitoring program in place 24/7/365 to ensure comprehensive information security monitoring and auditing.
2. Businesses need to review and document the scope of their IT security measures at least annually.
3. Businesses need to establish and maintain a security system and policy covering their employees' use of computers and applications, and provide regular training on these policies.
4. All access to information needs to be controlled with unique user IDs, and strict password policies must be in place at all times.
5. All laptops, remote computers, and traveling PCs need to be encrypted.
6. An up-to-date, current-generation firewall needs to be in place at all network entry points. For clients hosting data, Intrusion Prevention services should be in place.
7. All systems, servers, networking devices, phone systems, and other network devices need protection and current operating system patches in place. This includes current anti-virus and anti-malware software.