A comprehensive record of all systems, applications, and locations where your firm stores, processes, or transmits client data.
A data inventory (also called a data map or information asset inventory) is a documented catalog of every system, application, device, and physical location where your firm stores, processes, or transmits sensitive client information. For each entry, the inventory records what type of data is stored, who has access, what security controls are in place (MFA, encryption, backups), whether a Business Associate Agreement or Data Processing Agreement exists, and the data classification level (public, internal, confidential, restricted).
You cannot protect data you do not know about. The FTC Safeguards Rule requires firms to know where customer information is stored and to have appropriate safeguards for each location. A data inventory is the starting point for risk assessments, policy generation, and control testing. When a breach occurs, having a current data inventory allows you to quickly determine the scope of exposed data and meet state notification deadlines.
The Data Inventory & Classification module handles this for your firm, personalized to your software, team size, and state requirements.
See plans and pricingA systematic process of identifying threats to your firm's data and evaluating the effectiveness of your security controls.
A documented set of policies and procedures describing how your firm protects sensitive client data.
A federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.
Buy the WISP yourself if you need the document.
Talk to us if you want the platform.
We use cookies to measure site performance. No data is sold to third parties. You can opt out at any time. Privacy Policy