Compliance Services

MA 201 CMR 17 Services

MA 201 CMR 17 Risk Assessment Services

The MA 201 CMR 17 regulation requires every organization that owns, licenses, stores, or maintains personal information about a resident of the Commonwealth of Massachusetts to develop, implement, maintain, and monitor a comprehensive written information security program covering all records that contain such personal information. The program must be reasonably consistent with industry standards and must contain administrative, technical, and physical safeguards that ensure the security and confidentiality of those records. The first enforcement action under this Massachusetts law resulted in a restaurant chain being fined $110,000. Through our MA 201 CMR 17 Risk Assessment, we evaluate 20 separate control objectives to determine how well your organization is adhering to the requirements of MA 201 CMR 17.

MA 201 CMR 17 Main Areas of Focus

  1. Duty to Protect and Standards for Protecting Personal Information
  2. Computer System Security Requirements

MA 201 CMR 17 Risk Assessment Deliverables

  • MA 201 CMR 17 Risk Assessment Report - This report outlines the required elements of the MA 201 CMR 17 regulation and compares what the organization is currently doing against each of those requirements. For each applicable requirement, the report provides a risk ranking and a remediation strategy to reduce the overall risk associated with that control.
  • Executive Summary Report - This report provides a high-level overview of the assessment process, the methodology used, and the overall risk to the organization based on the results of the assessment.

Let Compass IT Compliance help your organization identify and assess the risks present in its environment through our MA 201 CMR 17 Risk Assessment, so you can secure the personal information you hold, meet your regulatory requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.
