Bryley complies with Massachusetts 201 CMR 17.00
On March 1st, 2010, the Commonwealth of Massachusetts mandated that all organizations secure and continuously protect the personal information of Massachusetts residents, both physically and electronically. (The statute is Mass. 201 CMR 17.00.)
In 2009, Bryley Systems complied with all requirements of 201 CMR 17.00 and continues to meet and exceed these requirements. (We estimate that our initial effort in 2009 to comply with this statute consumed over 250 hours and required significant out-of-pocket expenditures in additional security equipment and software.)
Because 201 CMR 17.00 requires the protection of personal information of Massachusetts residents, we believe organizations have greater levels of risk based on their business needs and processes. We classify organization risk levels as follows, based on the information retained and processed within the organization:
- Low risk – Organizations that only retain employee data
- Moderate risk – Organizations that process credit cards
- High risk – Organizations that retain and process financial information
Bryley assists organizations in meeting the technical requirements of 201 CMR 17 through our three-part program:
1. Comprehensive Support Program (CSP) & Managed Anti-Malware (MAM) – An ongoing, managed-IT service that provides continuous updates and scans to managed equipment, which includes Windows-based workstations and servers, firewalls, and related equipment.
2. Secure Network (SN) – An ongoing, managed-IT service that prevents intrusion, malware, and spam from entering the computer network through its Internet gateway and can restrict web-site surfing to inappropriate sites.
3. Multi-Point Security Hardening Service (MPSHS) – A periodic review to harden your computer-network security by reviewing/updating policies and configurations.
With this program, Bryley Systems can help your organization comply with the technical aspects of Massachusetts 201 CMR 17.00.