Welcome to MIT's updated Written Information Security Program (WISP).
This new program is based on classifying Institute research data and administrative information according to the risk posed by the loss of confidentiality, integrity, or availability of the information. Three levels of risk are defined (Low, Medium, and High). For each level there are associated tasks to appropriately secure the information at that level, along with links to instructions for how to complete each task.
This program has been developed by a working group comprised of members from the Office of General Counsel, Audit Division, Risk Management, and Information Systems & Technology. Community input was sought through an extensive pilot effort that included participants from both academic and administrative areas. Our goal is to provide the MIT community with an easily understood program to protect Institute information, fulfilling MIT Policy 22.214.171.124, Security of Information.
Please review the material here, determine your information's risk level, learn how to protect it, and take action. If you would like a member of the team to meet with your department, lab, or center to discuss this program, please submit a request. Please also take a moment to send your feedback to the working group. Your input will help us improve the security of information at MIT.
The previous WISP has been archived.