ACA Compliance Group (“ACA”) has developed and implemented a written information security plan (“WISP”) to establish effective safeguards to protect personal and confidential information received from ACA’s clients, employees, and other persons. This is a summary of ACA’s WISP.
ACA’s WISP is intended to ensure that ACA has a robust information safeguarding program. In addition, it addresses ACA’s information safeguarding obligations under applicable privacy and information safeguarding laws, as well as ACA’s contractual confidentiality obligations to its clients. Specifically, ACA’s WISP is designed to:
The policies and procedures in ACA’s WISP broadly apply to all information, in paper or electronic form, and generally apply without regard to whether a particular document or record contains “Personal Information.” However, in certain instances, specific procedures are required when a record or communication involves Personal Information.
All ACA employees are subject to the WISP. Certain independent contractors of ACA are subject to the WISP while performing services for ACA, if and to the extent specified in the independent contractor’s written agreement with ACA.
ACA’s General Counsel and ACA’s Chief Information Officer serve as the “WISP Coordinators.” In developing and implementing the WISP, the WISP Coordinators:
On an ongoing basis, the WISP Coordinators are responsible for:
The WISP describes a number of technology-based information security measures, safeguards, and procedures, covering the following areas:
The WISP addresses physical office security (locks/keys, desk policy, printers, faxes, visitor access, etc.). It contains special procedures for working out of the office (i.e., in client offices, home offices, or in other public settings). It also sets forth procedures for training new ACA staff, processing departing employees, and disciplining ACA staff for WISP violations.
The WISP contains guidelines for secure transmission of information between ACA and its clients and vendors, and addresses due diligence of ACA vendors. It also contains requirements for the reporting of suspected or actual security breaches.
All ACA staff are required to certify that they have received a copy of the WISP, have read it, and intend to comply with its terms.
The Table of Contents for the current version of ACA’s WISP is copied below.
Additional questions about ACA’s WISP should be directed to ACA’s General Counsel, Cathie Saadeh, at (301) 495-7850.