MA 201 CMR 17 Compliance Services

The MA 201 CMR 17 regulation requires that every organization that owns, licenses, stores or maintains personal information about a resident of the Commonwealth of Massachusetts develop, implement, maintain, and monitor a comprehensive written information security program applicable to any records containing such personal information. The information security program shall be reasonably consistent with industry standards, and shall contain administrative, technical, and physical safeguards to ensure the security and confidentiality of such records. The very first violation of this Massachusetts law resulted in a restaurant chain being fined $110,000. Through our MA 201 CMR 17 Risk Assessment, we will evaluate 20 separate control objectives to understand how your organization is adhering to the requirements of MA 201 CMR 17.

MA 201 CMR 17 Main Areas of Focus

  1. Duty to Protect and Standards for Protecting Personal Information
  2. Computer System Security Requirements

Compass IT Compliance Services

  • MA 201 CMR 17 Risk Assessment - Assess your current level of compliance with MA 201 CMR 17, identify gaps in controls, and identify key work areas that your organization must address to achieve and/or maintain compliance with the regulation
  • MA 201 CMR 17 Audit - Our experienced, certified IT Auditors will examine your IT controls mapped against MA 201 CMR 17 requirements, obtain evidence to determine if the controls are operating effectively to achieve your organization's objectives and satisfy regulation requirements, and provide attestation of audit along with remediation strategies. A deeper assessment than the MA 201 CMR 17 Risk Assessment, the MA 201 CMR 17 Audit will include evidence sampling
  • MA 201 CMR 17 Advisory Services - Work with your organization and tailor our project to your specific needs to address any concerns that you have related to MA 201 CMR 17, assist in the implementation and updating of policies and procedures, or assist in assessing the risk your third-party providers pose related to MA 201 CMR 17

Let Compass IT Compliance assist your organization in assessing any risks present through our MA 201 CMR 17 services so you can secure your personal information environment, comply with regulatory requirements, and save time, money, and resources in the process. Contact us today to discuss your unique situation. Secure. Comply. Save.
