201 CMR 17.00 Certification

Meet your Compliance Requirements with Confidence

What is 201 CMR 17.00 Certification?

IT’S THE LAW…

In November, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) issued a revised comprehensive set of final regulations establishing standards for how ALL businesses (regardless of location) protect and store personal information about a resident of Massachusetts.

These regulations require that businesses encrypt documents sent over the Internet or saved on laptops or flash drives, encrypt wirelessly transmitted data and deploy up-to-date firewalls to create “an electronic gatekeeper” between the data and the outside world that only allows authorized users to access or transmit data.

WHAT IF I DON’T COMPLY?

• A civil penalty of $5,000.00 may be levied for each violation of M.G.L. 93H 201 CMR 17.00
• Under the portion of M.G.L. 93I concerning data disposal, businesses can be subject to a fine of up to $50,000.00 for each instance of improper disposal.

How RetroFit Can Help:

• Create a Comprehensive Information Security Policy
• Perform an audit to determine your organization’s current level of compliance
• Advise your company on specific steps needed to achieve compliance
• Deploy and support security infrastructure to automatically encrypt email messages
• Perform initial setup and training for software to encrypt your company’s laptops and other mobile devices
• Update and support your primary security infrastructure – including firewalls, VPN access, anti-phishing, and tools to protect against malicious code
• Identify and recommend remediation for vulnerabilities present in your internal systems

RetroFit offers several 201 CMR 17.00 Assessment Services where you’ll receive specific remediation recommendations.

• Assessment – RetroFit will discover the items that are considered relevant and document them in preparation for scoping and remediation execution.
• Readiness Analysis – After the state assessment, our team continues executing the complete Certification process – including the development of a 201 CMR 17 Deficiency Report.
• Remediation and Validation – We’ll help you build a roadmap toward compliance with 201 CMR 17 remediation recommendations that will unblock the compliance issues in each area.
• Certification – Once you’ve been through the Readiness and Remediation process, you’re now ready for the all-important Certification. RetroFit will provide a third party review letter and certificate that your business is compliant.

Call RetroFit now at 508.244.2447 to ensure compliancy!
