Section 17.04 of the new Massachusetts privacy regulation establishes specific requirements for the protection of personal information stored electronically. The steps required by the regulation are consistent with industry best practices for protecting sensitive information, but many small businesses will find that these protections are more stringent than what they currently have in place. Additionally, the language of the regulation does not refer to specific products or technologies, so it's very hard for a non-technical business owner or office manager to translate the wording of the regulation into real action items.
To help our clients deal with these challenges, Atlas T.C. has spent the past six months examining the nuances of the regulation and researching the easiest and most cost-effective ways for small businesses to make the changes necessary to comply with the new regulation. We have developed a comprehensive technology audit that allows us to quickly evaluate how close your company is to being in compliance and give you a list of steps to take between now and the March 1 deadline.
The audit process is simple and straightforward:
- When you contact us to schedule your audit, we'll provide you with a questionnaire to fill out before we arrive. The questionnaire will help us to understand what kinds of personal information you are currently storing (and where), as well as what protections you currently have in place for this information. You should plan to spend about two hours completing the questionnaire.
- On the day of the audit, we'll check your network, servers, and desktops to make sure that all personal information is properly secured. The length of the audit varies depending on how many desktops and servers you have, but most audits are completed by two techs in two hours or less.
- Once we've gathered all the information we need, we'll prepare a detailed audit report. This report will explain each of the technology requirements in language you can understand, and tell you how your company measures up. If there are any deficiencies, the report will include specific action items to address the issues. (To get a preview of what the report is like, you can download the table of contents and the introduction.) In most cases, we can deliver the report within two business days after the audit.
- After you've had a chance to review the report, we'll schedule a follow-up meeting to go over our recommendations and make sure you understand everything. We've worked very hard to make the recommendations vendor-neutral, so any competent IT manager or consultant should be able to implement them; however, if you need additional help from us with specific items we can let you know at this point how much it would cost.
With the March 1 deadline quickly approaching, there's no time to wait. Hopefully you're already well on your way to compliance, but if you need a jump-start on getting your computer system security up to par, why not contact us to schedule a privacy audit today?