Upgrade your ISO27001 ISMS to cover 201 CMR 17.00!
January 21st, 2010 by James Warren
Comply with the Massachusetts Data Protection Law – 201 CMR 17.00
Do you have an information security management system which complies with ISO27001?
The 201 CMR 17.00 Upgrade Toolkit will help you avoid regulatory noncompliance with the 201 CMR 17.00 Law!
Buy The 201 CMR 17.00 Upgrade Toolkit to assure success at your next surveillance audit and/or state examination.
You can read the Massachusetts regulation yourself and decide how to revise your ISMS, or you can accelerate your compliance with 201 CMR 17.00 with The 201 CMR 17.00 Upgrade Toolkit, which includes specific document revision instructions. The Toolkit will save you weeks of work, help you avoid costly trial-and-error and dead-ends, and ensure everything is covered in compliance with both the 201 CMR 17.00 and ISO/IEC 27001:2005 standards.
The Full ISMS (201 CMR 17.00/ISO 27001) Documentation Toolkit contains:
- Copy of 201 CMR 17.00;
- Copy of FAQs from the Massachusetts Office of Consumer Affairs and Business Regulation;
- Mapping of the requirements within 201 CMR 17 with ISO/IEC 27001:2005;
- Model Information Security Policy and model Statement of Applicability;
- Pre-written Information Security Manual;
- vsRisk and RA2 Risk Assessment Tool Integration Templates (but not vsRisk or RA2 themselves);
- Business Continuity Plan;
- Service Level Agreement Template;
- 450+ pages of fit-for-purpose information;
- 120+ pre-written policies, procedures, templates and guidance including 201 CMR 17 requirements;
- Internal audit and Corrective and Preventive Action, CAPA, documentation;
- Implementation manager guidance;
- Enterprise security assessment tool;
- Gap analysis/ISO/IEC 27001 Audit tool;
- ‘What is ISO27001/ISO27002?’ (project staff training slides);
- PDCA and documentation pyramid presentation.
If you need motivation to move towards compliance, Massachusetts General Law, Chapter 93A, section 4 specifically authorizes the Attorney General to seek injunctive relief against the organization involved in the unauthorized act or practice. In addition, section 4 allows a court to impose a $5,000 civil penalty for each violation. If ‘violation’ is interpreted to mean the unauthorized access to a single individual’s personal information, the potential damages could be enormous.
Meet the March 1st Compliance Deadline!
Order The FULL Toolkit For Immediate Download Today!
Tags: 201 CMR 17.00, Implementation Toolkit, Information Security, ISMS, ISO 27001, ISO27001







