Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
WISP Training
Rating: 3.2 out of 5(9 ratings)
23 students

WISP Training

For compliance with WISP
Created byFAQ Linux
Last updated 10/2024
English

What you'll learn

  • Understand what the Written Information Security Plan is
  • Understand and discuss Personally Identifiable Information (PII)
  • Understand standard policies and procedures to comply with the WISP
  • Identify employees/contractors needing WISP compliance training
  • Complete WISP training: employees and contractors

Course content

6 sections24 lectures54m total length
  • Introduction5:15

    Welcome to WISP training.

    This training is intended to fulfill the obligations and requirements set out for WISP compliance.

    Employees who have access to Personally Identifiable Information are required to take WISP training. The training includes information distributed by the Data Security Officer, such as custom policies.

    Course Videos: These videos are for use on Udemy to fulfill  WISP requirements.

    Completion: For the content to be complete, you must attest you are aware of the retention timeframe, firm name, Designated Security Coordinator, Public information officer. Additionally, if you are required to sign the NDA (usually 3rd party vendors/contractors).

    The final assignments include submitting: Company specific information attestation and Rules of Behavior and conduct for safeguarding.

    Attached Documents: All documents for policies as well as a full WISP template are provided for your organization to use.

    Our objective, in the development and implementation of this comprehensive Written Information Security Plan (WISP) bundle, is to create effective administrative, technical, and physical safeguards for the protection of the Personally Identifiable Information (PII) retained by [Your Firm Name], (hereinafter known as the Firm).

    Thanks and Enjoy the bundle!

  • What is WISP?4:45

    OBJECTIVE

    Our objective, in the development and implementation of this comprehensive Written Information Security Plan (WISP), is to create effective administrative, technical, and physical safeguards for the protection of the Personally Identifiable Information (PII) retained by [Your Firm Name], (hereinafter known as the Firm). This WISP is to comply with obligations under the Gramm-Leach-Bliley Act and Federal Trade Commission Financial Privacy and Safeguards Rules to which the Firm is subject. The WISP sets forth our procedure for evaluating our electronic and physical methods of accessing, collecting, storing, using, transmitting, and protecting PII retained by the Firm. For purposes of this WISP, PII means information containing the first name and last name or first initial and last name of a Taxpayer, Spouse, Dependent, or Legal Guardianship person in combination with any of the following data elements retained by the Firm that relate to Clients, Business Entities, or Firm Employees:


    • Social Security number, Date of Birth, or Employment data

    • Driver’s license number or state-issued identification card number

    • Income data, Tax Filing data, Retirement Plan data, Asset Ownership data, Investment data

    • Financial account number, credit or debit card number, with or without security code, access code, personal identification number; or password(s) that permit access to a client’s financial accounts

    • E-mail addresses, non-listed phone numbers, residential or mobile or contact information


    PII shall not include information that is obtained from publicly available sources such as a Mailing Address or Phone Directory listing; or from federal, state or local government records lawfully made available to the general public.

  • Define the WISP objectives, purpose, and scope4:39

    We conduct an annual training session for all owners, managers, employees, and independent contractors, including temporary and contract employees who have access to PII enumerated in the elements of the WISP.

    All attendees at such training sessions are required to certify their attendance at the training and their familiarity with our requirements for ensuring the protection of PII. An Employee/Contractor Acknowledgement of Understanding at the end of this training.


    The purpose of the WISP is to:

    1. Ensure the Security and Confidentiality of all PII retained by the Firm.

    2. Protect PII against anticipated threats or hazards to the security or integrity of such information.

    3. Protect against any unauthorized access to or use of PII in a manner that creates a substantial risk of Identity Theft or Fraudulent or Harmful use.


    SCOPE

    The Scope of the WISP related to the Firm shall be limited to the following protocols:

    1. Identify reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper, or other records containing PII.

    2. Assess the potential damage of these threats, taking into consideration the sensitivity of the PII.

    3. Evaluate the sufficiency of existing policies, procedures, customer information systems, and other safeguards in place to control identified risks.

    4. Design and implement this WISP to place safeguards to minimize those risks, consistent with the requirements of the Gramm-Leach-Bliley Act, the Federal Trade Commission Financial Privacy and Safeguards Rule, and National Institute of Standards recommendations.

    5. Regular monitoring and assessment of the effectiveness of aforementioned safeguards.

Requirements

  • This course requires the ability to view and download content from a website
  • Works on Linux, Windows, iphone, Android, or Mac

Description

This course is directed at anyone interested in complying with WISP training for those who have access to personal identifiable information. This course covers the topics and attestation of signed documents for your organization. The system does not allow upload of documents but does offer attestation the documents are signed.

Signed documents must be handled per your company policy for record keeping. See your designated security officer for more information. Certification of completed training on Udemy is provided, but record keeping is done per your organization requirements.

This course serves as a general training for compliance with WISP requirements. Specific procedures for your firm will need to be presented in addition to this training. This can be in the form of handout, presentation or documentation supplied by your company through a variety of delivery channels. 

The training includes:

  • Information about WISP

  • Identified officers in the organization/firm.

  • Policy sections and documents (separate and consolidated)

  • Safety measures

  • General procedures for print or electronic documents

The written information security plan is a current requirement for anyone working with personally identifiable information or PII. Annual training is a requirement for employees or contractors working at these companies. The designated security coordinator is responsible for making sure everyone who is required, completes this training annually. Any new procedures will be presented each year.

The employee or contractor is presented an acknowledgement letter. The completion of the training presented by the DSC, with any additional policy and procedure information presented by your company to the learner can be presented as annual WISP training. Remember to include "specific" policies and procedures to your employees in addition to this training.

This training is a base and more specific information, if applicable, is needed for your learners.

The course was developed by Marcia K Wilbur, privacy advocate. Her experience in privacy includes working with the US Department of Education and the Arizona Department of Education in creating FERPA training to protect student personal identifiable information. In 2019 Marcia spoke at Yale Law school about privacy. Recently, she spoke at HOPE 2024 in New York about privacy policies and maintains dirtyTOS, sharing information about privacy matters.


Who this course is for:

  • This course audience is employees, new hires, and consultants working with Personally Identifiable Information.