SOURCE: Security Management Partners


February 17, 2010 12:38 ET

Local IT Security Consulting Firm Moves Massachusetts Businesses Towards Data Protection Compliance

Massachusetts Regulation 201 CMR 17 Takes Effect March 1, 2010

WALTHAM, MA--(Marketwire - February 17, 2010) - Security Management Partners (SMP), an information security professional consulting firm based in Waltham, Mass., is helping organizations meet new IT security standards adopted by the Massachusetts Office of Consumer Affairs and Business Regulation that are effective March 1, 2010.

On this date, every business, non-profit and other non-government entity that stores 'personal information' (PI) about a Massachusetts resident, employee or customer is required to adhere to the administrative, physical and technical requirements listed in MA 201 CMR 17. "It doesn't matter if you employ 4,000 people or work alone, if you handle personal information of a resident of the Commonwealth of Massachusetts you are required to comply," said Peter Bamber, vice president of Information Security at SMP.

In September 2008, Massachusetts became the first state in the nation to establish minimum security standards for handling personal information. Massachusetts defines "PI" as an individual's last name along with either their first name or first initial, in conjunction with any one of the following: a driver's license number, state-issued I.D. number, Social Security number, account number, or credit card or debit card number (with or without the PIN, CCV or other access code required to use it).

"There are literally hundreds of businesses in industries ranging from financial services to healthcare to large and small businesses that will need to undergo significant annual reviews of their information security procedures in order to ensure they are in compliance," said Bamber.

SMP, a privately owned company that operates with a singular focus on IT security, has successfully reached in-state and out-of-state companies to help them navigate these new regulations, which require: complete training for individuals responsible for the ongoing use and security management of personal information; a comprehensive security program with a set of written policies addressing how personal information is handled and stored, and who can access it; access requirements governing how user accounts, password policies and firewalls are created and enforced; provisions for encrypting PI on laptops and other mobile devices; and annual risk assessments, with remediation where gaps are found.

A breach of security that results in the unauthorized acquisition or use of unencrypted information can have a lasting impact on a company's brand, employees and customers, and requires breach notification to the Massachusetts Office of Consumer Affairs and Business Regulation and the Massachusetts State Attorney General's Office. Bamber advises that organizations begin a serious effort now towards compliance AND a long-term strategic IT security plan. Specifically, SMP recommends activities such as: policy creation and risk assessments; system, firewall and network testing to reduce the risk of financial and legal ramifications from violating 201 CMR 17 requirements; the use of encryption on all email and mobile media that contain PI; configuration of existing monitoring/logging tools for increased effectiveness and selection of new tools to aid in compliance; and a collaborative understanding of the requirements of and by third-party vendors that manage, store and process PI data.

Bamber concluded, "These activities will also serve to strengthen a company's overall information security program."

For more information about SMP's 201 CMR 17 services, please contact 781-890-7671, extension 208.

About Security Management Partners: Since 2001, SMP has provided a singular focus on services to identify, test and provide remediation advice to eliminate external and internal information security risks and to help companies adhere to today's evolving compliance rules. Security Management Partners does not sell any hardware or software products, ensuring 100% neutrality in all of its assessments. SMP is a leader in incident response, investigative and forensic services, and has helped hundreds of clients eliminate vulnerabilities that could have led to an attack on an organization's information assets and reputation. For more information, please visit: or call (781) 890-7671.