
What the MPICA™ Assessment will Evaluate

Identification of personal information on computer systems and devices

NSK Inc will use a software package to actively scan your network and identify the location of personal information. We will install the software on a server and use information we gather from you and your IT staff to determine which laptops and desktops need to be scanned. We scan all servers, desktops and laptops to identify personal information and report on its location.

For large organizations we can spot check for false positives. Once personal information is identified, we can work with you to ensure compliance with the regulations.

User access policies

A large part of the regulation is focused on user access policy. NSK Inc. will perform an assessment of the user access policy currently in use at your organization and determine whether or not your current policies fall within the regulation.

These policies include password strength, change frequency, access to personal information, username structure and retention, as well as other IT specifics regarding user access to personal information.

Server and computer protection

NSK Inc. will evaluate the safeguards in place to protect your organization from external threats. We will ensure that precautionary measures such as malware protection, spyware protection and virus protection are taken. Most organizations that have some form of virus protection in place are unsure of how well it is performing.

NSK Inc. will also evaluate the health of your system and will make recommendations to ensure the maximum computer system protection possible. We can confirm the system is updating regularly, active on all production machines and protecting your devices from all forms of external attack.

Firewall

201 CMR 17.00 has specific conditions regarding firewall protection. NSK Inc. will provide an IT evaluation regarding the health, age, strength and overall effectiveness of the firewall in place.

In the event that the firewall does not meet the needs of the organization or this regulation, we will recommend one that does. As part of this process we will also check the general firewall configuration and ensure that best practices are followed. Although this is NOT a vulnerability assessment, MPICA is designed to ensure that IT best practices are followed and security risks are minimized or eliminated.

Portable devices (PDAs, USB flash drives, backup tapes, laptops)

As part of the evaluation, we will work with you and your staff to assess the movement of personal information into and out of the organization. By looking at common IT devices and the policies surrounding them, we can make IT security recommendations on how to decrease your organization's risk of a security breach through the use of mobile data storage and other mobile technologies.

Electronic transmission of personal information and wireless networks

Lastly, as part of the MPICA assessment NSK Inc. will identify and evaluate the movement of personal information via e-mail, FTP and wireless technologies. 201 CMR 17 specifically addresses the need to encrypt data transfers containing personal information. Our IT security assessment is specially designed to identify this data and provide IT solutions for data security regarding transmission and ease of use. Wireless networks also fall under this category in that you need to ensure strong, reasonable encryption.



Download Press Release Office of Consumer Affairs Press Release

(8/17/2009)
