Automobile Dealers

Massachusetts Written Information Security Programs require annual reviews, or when major changes are made to the environment.  Have you performed a vulnerability assessment? Have you upgraded your DMS recently?

There is a misconception your DMS is protecting your computers.  Unfortunately, your DMS is probably only monitoring and patching the machines connected to the provider.

While there is no magic bullet that can fix everything, we’ve found that the top 3 to 4 observations are low to no cost fixes.  For example, changing a default password; setting a password policy; applying a patch.  These make a significant difference in the overall security posture of the network.

Depending on the number of rooftops, our team is normally onsite for one to two days and will work with your IT team for another week or two to finish the report.

Any company that handles personal sensitive information (employees/customers) of a Massachusetts resident must have a Written Information Security Program (WISP). This working document, a requirement of 201 CMR 17.00, must include designating a security officer and multiple reasonable steps to protect that sensitive information. Additionally, it must be reviewed and updated, if needed, on an annual basis. In addition to performing the services above, OCD Tech has developed a comprehensive audit program to identify any gaps in accordance with this State regulation.

On June 30, 2015 Rhode Island amended Chapter 49.3, also known as the Rhode Island Identity Theft Protection Act of 2015. As part of this act, any person who that stores, collects, processes, maintains, acquires, uses, owns, or licenses personal information about a Rhode Island resident shall implement and maintain a risk-based information security program that contains reasonable security procedures and practices appropriate to the size and scope of the organization. The amendment calls for firms to implement data security measures for personal information of Rhode Island residents by June 26, 2016. Each reckless violation of this chapter is a civil violation for which a penalty of not more than $100 per record may be adjudged. Each knowing and willful violation can levy a violation of up to $200 per record. In addition to performing the services above, OCD Tech has developed a comprehensive audit program to identify any gaps in accordance with this State regulation.

Connecticut Senate Bill No. 949, also known as “An Act Improving Data Security And Agency Effectiveness” requires businesses to create a privacy policy detailing the ways in which they will protect the personal identifying information of their customers and other parties whose data they possess. This policy must detail the ways data is contained on a secure server; on secure drives; behind firewall protections and monitored by intrusion detection software; and in a manner where access is restricted to authorized employees and their authorized agents. Additionally, each company shall update such security program as often as necessary and practicable but at least annually. In addition to performing the services above, OCD Tech has developed a comprehensive audit program to identify any gaps in accordance with this new recommendation.Connect