Protecting Information at Massachusetts Institute of Technology

Welcome to MIT's updated Written Information Security Program (WISP).

This new program is based on classifying Institute research data and administrative information according to the risk posed by the loss of confidentiality, integrity, or availability of the information. Three levels of risk are defined (Low, Medium, and High). For each level there are associated tasks to appropriately secure the information at that level, along with links to instructions for how to complete each task.

This program has been developed by a working group comprised of members from the Office of General Counsel, Audit Division, Risk Management, and Information Systems & Technology. Community input was sought through an extensive pilot effort that included participants from both academic and administrative areas. Our goal is to provide the MIT community with an easily understood program to protect Institute information, fulfilling MIT Policy 13.2.2.2, Security of Information.

Please review the material here, determine your information's risk level, learn how to protect it, and take action.

The previous WISP has been archived.