Business Security Plan
Sound security for businesses means regular risk assessment, effective coordination and oversight, and prompt response to new developments. The following are some points all businesses need to consider when designing and implementing an information security plan:
- Identifying internal and external risks to the security, confidentiality and integrity of your customers' personal information
- Designing and implementing safeguards to control the risks
- Periodically monitoring and testing the safeguards to be sure they are working effectively
- Adjusting your security plan according to the results of testing, changes in operations or other circumstances that might impact information security
- Overseeing the information handling practices of service providers and business partners who have access to the personal information. If you give another organization access to your records or computer network, you should make sure they have implemented sufficient security of their own.
When setting up a security program, your business should consider all the relevant areas of its operations, including employee management and training; information systems, including network and software design, and information processing, storage, transmission and disposal; and contingencies, including preventing, detecting and responding to a system failure. Although the security planning process is universal, there's no "one size fits all" security plan. Every business faces its own special risks. The administrative, technical, and physical safeguards that are appropriate depend on the size and complexity of the business, the nature and scope of the business, and the sensitivity of the consumer information it keeps.