{"id":7316,"date":"2020-08-04T11:31:42","date_gmt":"2020-08-04T15:31:42","guid":{"rendered":"https:\/\/www.sage.com\/en-us\/blog\/?p=7316"},"modified":"2026-07-09T10:26:54","modified_gmt":"2026-07-09T14:26:54","slug":"data-protection-how-to-create-a-wisp","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-us\/blog\/data-protection-how-to-create-a-wisp\/","title":{"rendered":"Data protection: How to create a written information security policy (WISP)"},"content":{"rendered":"<header class=\"entry-header has-dark-background-color entry-header--has-illustration entry-header--has-illustration--generic\">\n\t<div class=\"container\">\n\t\t<div class=\"entry-header__row row align-center\">\n\t\t\t<div class=\"col col-lg-7 col-xlg-6 entry-header__content\">\n\t\t\t\t\t\t\t<div class=\"component component-single-header\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"entry-header__misc text--subtitle text--uppercase text--small\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.sage.com\/en-us\/blog\/category\/strategy-legal-operations\/\" class=\"entry-header__link\">Strategy, Legal &amp; Operations<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t<div class=\"entry-title-wrapper\">\n\t\t\t\t\t<h1 class=\"entry-title\">\n\t\t\t\t\t\tData protection: How to create a written information security policy (WISP)\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t<p class=\"entry-header__description\">\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t\t<div class=\"single-post-details container\">\n\t\t<div class=\"col\">\n\t\t\t<span class=\"posted-on \">Published <time class=\"entry-date published\" datetime=\"2020-08-04T11:31:42-04:00\">August 4, 2020<\/time><\/span><span class=\"reading-time\"> min read<\/span>\n\t\t<button\n\t\t\ttype=\"button\"\n\t\t\tclass=\"social-share-button button button--icon button--secondary js-social-share-button\"\n\t\t\tdata-share-title=\"Data protection: How to create a written information security policy (WISP)\"\n\t\t\tdata-share-url=\"https:\/\/www.sage.com\/en-us\/blog\/data-protection-how-to-create-a-wisp\/\"\n\t\t\tdata-share-text=\"Please read this interesting article\"\n\t\t>\n\t\t\t<span class=\"social-share-button__share-label\">Share<\/span>\n\t\t\t<span class=\"social-share-button__copy-label\" hidden>Copy Link<\/span>\n\t\t\t<span class=\"social-share-button__copy-tooltip\" aria-hidden=\"true\" hidden>Copied<\/span>\n\t\t<\/button>\n\n\t\t\t\t<\/div>\n\t<\/div>\n\t<\/header>\n\n\n\n<div class=\"wp-block-post-author has-dark-background-color alignfull\">\n\t<div class=\"container\">\n\t\t<div class=\"col\">\n\t\t\t\t\t\t\t<div class=\"co-authors\">\n\t\t\t\t\t\n\t\t<div class=\"entry-author-wrapper\">\n\t\t\t<a class=\"entry-author\" href=\"https:\/\/www.sage.com\/en-us\/blog\/author\/mikegoodwin\/\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2020\/07\/Mike-Goodwin-350x350.jpg\" class=\"entry-author__image\" alt=\"\" srcset=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2020\/07\/Mike-Goodwin-350x350.jpg 350w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2020\/07\/Mike-Goodwin.jpg 400w\" sizes=\"auto, (max-width: 40px) 100vw, 40px\" \/>\t\t\t\t<span class=\"entry-author__name\">Mike Goodwin<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The implementation of the <a title=\"GDPR: What employers need to know\" href=\"https:\/\/www.sage.com\/en-us\/blog\/gdpr-10-important-things-your-business-needs-to-know\/\">General Data Protection Regulation<\/a> (GDPR) in Europe served as a wake-up call for several U.S. states.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While several introduced legislation, New York and California, in particular, have enacted similar although not identical statutes intended to protect the personal information of individuals: the SHIELD Act, and the California Consumer Privacy Act (CCPA),<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In both cases, the new legislation builds on existing laws in an attempt to fully modernize in our digital age. The <a title=\"14 ways to comply with the California Consumer Privacy Act (CCPA)\" href=\"https:\/\/www.sage.com\/en-us\/blog\/14-ways-to-comply-with-ccpa\/\" target=\"_blank\" rel=\"noopener noreferrer\">CCPA is the more substantial<\/a> in terms of new or additional requirements, placing restrictions on business while affording new rights to individuals. In comparison, the SHIELD Act is limited to protecting personal information owned or used by businesses and individuals, and is intended to deal with data breaches.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-value-of-a-wisp\">The value of a WISP<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Both pieces of legislation demonstrate the vital need for a written information security policy, or WISP, within businesses across the U.S.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It&#8217;s advisable to do this even if there is no express legal requirement for it within the state where the business is based. Should your business face litigation following a data breach, having a good-quality, consistently implemented, and followed WISP is likely to be key to constructing a defense.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The value of a WISP is found also in its creation, because it prompts the business to assess risks in relation to consumer data and implement appropriate protective measures. It can also educate employees and others inside or outside the business about data protection measures.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You may find creating a WISP to be a task that requires external help, and this is a route many businesses take. Data protection consultants can be found easily online, but try to find recommendations from businesses similar to your own. Often the perspective of an outsider can be invaluable in identifying data protection issues within your business.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-create-a-wisp\">How to create a WISP<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Creating a high-quality WISP is likely to involve examination of all parts of a business, because there are very few functions and employees that do not handle data in some fashion. In this regard, it&#8217;s worth remembering that legislation such as the CCPA covers not just computer data but also written data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Start by assigning an owner. All plans need a single point of contact; a single person owns the plan and can delegate. This needn&#8217;t necessarily be a senior member of staff. However, employees and external stakeholders need to know who it is. This person should be the key sense-checker for the WISP\u2014the person who ensures the program makes sense, and that nothing has been assumed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Invite input from all sources. Information should be gathered from all functions, departments, employees and other individuals. The question asked of each should simply be: What data do you handle, and how sensitive is it? Note that some departments or individuals may not actively deal with data, but may store historic data within their remit. You should ensure no department us excluded, either accidentally or deliberately.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All sources should also identify what legislation covers their specific function or roles, or notify you if there is a need to seek legal counsel if they are unsure or simply do not know. Compliance with this should then be built into the program.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Risk assessment should also be part of this planning and outlining stage. This can be an extensive process to undertake and is one area in particular where you might require external guidance from a data protection expert.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You should consider your entire ecosystem\u2014internally and externally, from supplier to customer (or client). Your program may include specific plans detailing how to deal with individual suppliers or customer\/clients, especially those that present data protection challenges, such as businesses you buy\/sell data with, or those who require you to share data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-ensuring-legal-compliance\">Ensuring legal compliance<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The International Association of Privacy Professionals has produced a <a title=\"Model Written Information Security Program\" href=\"https:\/\/iapp.org\/resources\/article\/model-written-information-security-program\/\" target=\"_blank\" rel=\"noopener noreferrer\">Model Written Information Security Program<\/a>, that can form the basis for your own WISP.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Their model program document addresses the requirements of the following state laws, and if you are creating a WISP from scratch then it&#8217;s advisable your program does the same:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Massachusetts&#8217;s Data Security Regulation (201 Code Mass. Regs. 17.01 to 17.05).<\/li>\n\n\n\n<li>Similar state laws, such as those of Oregon and Rhode Island (Or. Rev. Stat. \u00a7646A.622; R.I. Gen. Laws \u00a711-49.3-3(a)(8)).<\/li>\n\n\n\n<li>The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (16 C.F.R. \u00a7\u00a7314.1 to 314.5).<\/li>\n\n\n\n<li>State insurance data security laws based on the National Association of Insurance Commissioners (NAIC) Model Insurance Data Security Law (MDL-668).<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">While creating a single WISP that acknowledges all state and federal data protection requirements is a challenge, it is certainly possible\u2014and should be considered a minimum for whatever you create.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Note that your WISP needs to be specific to your own business and circumstances. While a model WISP is a good starting point for drafting, you must customize it to address the unique risks and practices of your own business.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-implementing-your-wisp\">Implementing your WISP<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Once the WISP has been created it should be considered a living document, with periodic reviews required to update the program according to changes or updates in occurrences such as new or modified state or federal laws, or to take into account changes within the business that mean data is handled in a new or different way.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When scheduling your periodic reviews of your WISP, bear in mind any statutory requirements, as well as how fast-paced your business is and how often you implement changes in company systems that hold personal information. Your periodic reviews and updates of your WISP should keep up with the pace of change in your business, such that there is no significant lag between a change in relevant circumstances and a change in your WISP.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The WISP should be communicated to all stakeholders\u2014from employees, to suppliers, to customers\/clients. This could involve putting it online with a link from your home page, or even producing a printed document that you distribute. You should ensure that you get and keep acknowledgements from these people or organizations. All newly hired employees should also receive a copy and provide an acknowledgement. Consider whether any consultants of your business have access to personal data and need to be informed of relevant provisions of your WISP as well.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Training might be required to implement your WISP. If so, you should keep records of who attended, whether they completed the training, and any receipts that might help prove that the training occurred should there be a need to prove this in future.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.sage.com\/en-us\/ccpa\/\">Click here to learn about the California Consumer Privacy Act<\/a><\/div>\n<\/div>\n\n\n\n\n<div class=\"single-cta\">\n\t<div class=\"single-cta__positioner on-scroll-highlight__target\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">Subscribe to our Sage Advice Newsletter<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>Get our latest business advice delivered directly to your inbox.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-ab515c6e-7e90-4c2f-a67e-113872516e8b\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Subscribe<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"1440\" height=\"810\" src=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1073797282-1440x810.jpg\" class=\"single-cta__image\" alt=\"Working from home with tea in hand\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1073797282-1440x810.jpg 1440w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n\n<section class=\"more-topics alignfull has-grey-light-background-color wp-block-sage-post-topics\">\n\t<div class=\"container\">\n\t\t<div class=\"row\">\n\t\t\t<div class=\"col col-12 col-lg-4\">\n\t\t\t\t<h3 class=\"more-topics__title h2\">Browse more topics from this article<\/h3>\n\t\t\t<\/div>\n\t\t\t<div class=\"col col-12 col-lg-8\">\n\t\t\t\t<ul class=\"post-tags__list\">\n\t\t\t\t\t\t\t\t\t\t\t<li class=\"post-tags__item\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.sage.com\/en-us\/blog\/hub\/compliance\/\" class=\"post-tags__link button button--secondary\">\n\t\t\t\t\t\t\t\tCompliance &amp; Regulation\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/section>\n\n<div class=\"alignfull wp-block-sage-related-posts\">\n\t<section class=\"related-posts card-grid has-dark-background-color\">\n\t<div class=\"container\">\n\t\t\t\t\t<div class=\"row\">\n\t\t\t\t<div class=\"col\">\n\t\t\t\t\t<h2 class=\"related-posts__heading related-posts__heading--featured h1\">Explore more wisdom<\/h2>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\n\t\t\t<div class=\"row related-posts__featured\">\n\t\t\t\t<div class=\"col card-grid__item\">\n\t\t\t\t\t<article\n\t\tclass=\"card-post related-post related-post-0 post-36478 post type-post status-publish format-standard has-post-thumbnail hentry category-growth-customers category-money-matters category-strategy-legal-operations tag-boss-your-business tag-business-strategy tag-compliance tag-growing-a-business business_type-small-business business_type-growing-business industry-financial-services card-post--is-clickable\"\n>\n\t<div class=\"card-post__media-wrapper\">\n\t\t<figure class=\"card-post__media\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1215\" height=\"810\" src=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2023\/09\/GettyImages-944515884-1215x810.jpg\" class=\"card-post__image\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2023\/09\/GettyImages-944515884-684x384.jpg 684w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2023\/09\/GettyImages-944515884-768x512.jpg 768w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2023\/09\/GettyImages-944515884-1215x810.jpg 1215w\" sizes=\"auto, (min-width: 48em) 250px, (min-width: 30em) 100vw, 100vw\" \/>\t\t\t\n\t\t\t\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\n\t<div class=\"card-post__content\">\n\t\t\t\t\t<div class=\"card-post__label\">Recommended<\/div>\n\t\t\n\t\t\t\t\t<div class=\"card-post__meta\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2026-05-06T12:23:24-04:00\">May 6, 2026<\/time><\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"reading-time\">10 min read<\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\n\t\t<p class=\"card-post__title h3\">\n\t\t\t\t\t\t\t<a\n\t\t\t\t\tclass=\"card-post__title-link\"\n\t\t\t\t\thref=\"https:\/\/www.sage.com\/en-us\/blog\/how-to-grow-an-insurance-agency\/\"\n\t\t\t\t>\n\t\t\t\n\t\t\tHow to grow an insurance agency sustainably\n\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t<\/p>\n\n\t\t\n\t\t\t\t\t<p class=\"card-post__description\">\n\t\t\t\tGrowing an insurance agency but unsure where to focus? Learn proven insurance agency growth strategies covering client acquisition, retention, financial visibility, and the operational systems that help independent agencies scale with confidence.\t\t\t<\/p>\n\t\t\n\t\t\t<\/div>\n\n\t<\/article>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\n\t\t\t\t\t<div class=\"row related-posts__non-featured\">\n\t\t\t\t<div class=\"col col-12\">\n\t\t\t\t\t<h2 class=\"related-posts__heading related-posts__heading--more h4\">More on this Topic<\/h2>\n\t\t\t\t<\/div>\n\n\t\t\t\t\n\t\t\t\t\t<div class=\"col col-6 col-lg-3 card-grid__item\">\n\t\t\t\t\t\t<article\n\t\tclass=\"card-post related-post related-post-1 post-36453 post type-post status-publish format-standard has-post-thumbnail hentry category-money-matters category-strategy-legal-operations tag-compliance business_type-small-business business_type-accountants business_type-growing-business industry-financial-services\"\n>\n\t\t\t<a\n\t\t\tclass=\"card-post__link\"\n\t\t\thref=\"https:\/\/www.sage.com\/en-us\/blog\/audit-readiness\/\"\n\t\t\t\t\t>\n\t\t\t<figure class=\"card-post__media\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"684\" height=\"384\" src=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2024\/10\/BrandShoot-LND_June2024_Financial-Services_0465-684x384.jpg\" class=\"card-post__image\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2024\/10\/BrandShoot-LND_June2024_Financial-Services_0465-684x384.jpg 684w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2024\/10\/BrandShoot-LND_June2024_Financial-Services_0465-768x512.jpg 768w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2024\/10\/BrandShoot-LND_June2024_Financial-Services_0465-1214x810.jpg 1214w\" sizes=\"auto, (min-width: 48em) 250px, (min-width: 30em) 100vw, 100vw\" \/>\t\t\t\n\t\t\t\n\t\t\t\t\t<\/figure>\n\n\t\t\n\t\t\t\t\t<div class=\"card-post__meta\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2026-05-06T10:30:18-04:00\">May 6, 2026<\/time><\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"reading-time\">7 min read<\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\n\t\t<p class=\"card-post__title h5\">\n\t\t\tAudit readiness: A complete guide for finance teams\t\t<\/p>\n\n\t\t\t<\/a>\n\t\n\t\n\t\t\n\t\n\t<\/article>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t<div class=\"col col-6 col-lg-3 card-grid__item\">\n\t\t\t\t\t\t<article\n\t\tclass=\"card-post related-post related-post-2 post-34079 post type-post status-publish format-standard has-post-thumbnail hentry category-strategy-legal-operations tag-compliance tag-food-beverage business_type-growing-business industry-food-beverage industry-hospitality\"\n>\n\t\t\t<a\n\t\t\tclass=\"card-post__link\"\n\t\t\thref=\"https:\/\/www.sage.com\/en-us\/blog\/restaurant-franchise-reporting-requirements\/\"\n\t\t\t\t\t>\n\t\t\t<figure class=\"card-post__media\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"684\" height=\"384\" src=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1297061487-684x384.jpg\" class=\"card-post__image\" alt=\"Waiter holding food at a restaurant\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1297061487-684x384.jpg 684w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1297061487-768x432.jpg 768w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1297061487-1440x810.jpg 1440w\" sizes=\"auto, (min-width: 48em) 250px, (min-width: 30em) 100vw, 100vw\" \/>\t\t\t\n\t\t\t\n\t\t\t\t\t<\/figure>\n\n\t\t\n\t\t\t\t\t<div class=\"card-post__meta\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2026-01-15T10:29:41-05:00\">January 15, 2026<\/time><\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"reading-time\">5 min read<\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\n\t\t<p class=\"card-post__title h5\">\n\t\t\tRestaurant franchise reporting requirements: Why compliance matters\t\t<\/p>\n\n\t\t\t<\/a>\n\t\n\t\n\t\t\n\t\n\t<\/article>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t<div class=\"col col-6 col-lg-3 card-grid__item\">\n\t\t\t\t\t\t<article\n\t\tclass=\"card-post related-post related-post-3 post-7515 post type-post status-publish format-standard has-post-thumbnail hentry category-free-guides-templates category-technology-innovation tag-compliance tag-digital-transformation tag-fixed-assets business_type-growing-business\"\n>\n\t\t\t<a\n\t\t\tclass=\"card-post__link\"\n\t\t\thref=\"https:\/\/www.sage.com\/en-us\/blog\/technology-mitigate-risks-ghost-zombie-assets\/\"\n\t\t\t\t\t>\n\t\t\t<figure class=\"card-post__media\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"684\" height=\"384\" src=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1205070587-684x384.jpg\" class=\"card-post__image\" alt=\"Married lady working on laptop\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1205070587-684x384.jpg 684w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1205070587-768x432.jpg 768w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1205070587-1440x810.jpg 1440w\" sizes=\"auto, (min-width: 48em) 250px, (min-width: 30em) 100vw, 100vw\" \/>\t\t\t\n\t\t\t\n\t\t\t\t\t<\/figure>\n\n\t\t\n\t\t\t\t\t<div class=\"card-post__meta\">\n\t\t\t\t\t\t\t\t\t<svg role=\"presentation\" aria-hidden=\"true\" focusable=\"false\" width=\"24\" height=\"24\" class=\"card-post__meta-icon svg-icon\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 24 24\"><path d=\"M11.988 2.989a.75.75 0 0 0-.739.761v10.689l-1.72-1.72a.75.75 0 0 0-.957-.099.75.75 0 0 0-.315.776c.031.146.104.28.211.384l3 3a.75.75 0 0 0 1.06 0l3-3a.76.76 0 0 0 .231-.533.74.74 0 0 0-.22-.538q-.108-.106-.247-.164c-.139-.058-.191-.057-.291-.056s-.198.022-.29.061-.174.097-.243.169l-1.72 1.72V3.75a.76.76 0 0 0-.22-.541.76.76 0 0 0-.542-.22zM5.75 8.5C4.24 8.5 3 9.74 3 11.25v7C3 19.76 4.24 21 5.75 21h12.5c1.51 0 2.75-1.24 2.75-2.75v-7c0-1.51-1.24-2.75-2.75-2.75h-3a.76.76 0 0 0-.537.216.74.74 0 0 0-.223.535.76.76 0 0 0 .223.535.74.74 0 0 0 .537.216h3c.699 0 1.25.551 1.25 1.25v7a1.24 1.24 0 0 1-1.25 1.25H5.75a1.24 1.24 0 0 1-1.25-1.25v-7c0-.699.551-1.25 1.25-1.25h3a.76.76 0 0 0 .537-.216.74.74 0 0 0 .223-.535.76.76 0 0 0-.223-.535.75.75 0 0 0-.537-.216z\" \/><\/svg>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2026-01-13T12:24:18-05:00\">January 13, 2026<\/time><\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"reading-time\">5 min read<\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\n\t\t<p class=\"card-post__title h5\">\n\t\t\t5 ways technology can mitigate the risks of ghost and zombie assets\t\t<\/p>\n\n\t\t\t<\/a>\n\t\n\t\n\t\t\n\t\n\t<\/article>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t<div class=\"col col-6 col-lg-3 card-grid__item\">\n\t\t\t\t\t\t<article\n\t\tclass=\"card-post related-post related-post-4 post-33067 post type-post status-publish format-standard has-post-thumbnail hentry category-strategy-legal-operations tag-boss-your-business tag-business-continuity tag-cash-flow tag-cloud-financial-management tag-compliance tag-productivity tag-small-business business_type-small-business business_type-growing-business industry-nonprofit\"\n>\n\t\t\t<a\n\t\t\tclass=\"card-post__link\"\n\t\t\thref=\"https:\/\/www.sage.com\/en-us\/blog\/master-federal-grant-compliance-for-nonprofits\/\"\n\t\t\t\t\t>\n\t\t\t<figure class=\"card-post__media\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"684\" height=\"384\" src=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2025\/08\/Mar2025_NFP-Human-Services-shelter_1011-684x384.jpeg\" class=\"card-post__image\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2025\/08\/Mar2025_NFP-Human-Services-shelter_1011-684x384.jpeg 684w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2025\/08\/Mar2025_NFP-Human-Services-shelter_1011-768x512.jpeg 768w, https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2025\/08\/Mar2025_NFP-Human-Services-shelter_1011-1214x810.jpeg 1214w\" sizes=\"auto, (min-width: 48em) 250px, (min-width: 30em) 100vw, 100vw\" \/>\t\t\t\n\t\t\t\n\t\t\t\t\t<\/figure>\n\n\t\t\n\t\t\t\t\t<div class=\"card-post__meta\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2025-10-24T09:00:00-04:00\">October 24, 2025<\/time><\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"card-post__meta-text\"><span class=\"reading-time\">4 min read<\/span><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\n\t\t<p class=\"card-post__title h5\">\n\t\t\tHow nonprofits can master federal grant compliance\t\t<\/p>\n\n\t\t\t<\/a>\n\t\n\t\n\t\t\n\t\n\t<\/article>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n<\/section>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The introduction of the CCPA and the New York SHIELD Act means it&#8217;s vital for businesses to have a written information security program, or WISP.<\/p>\n","protected":false},"author":1086,"featured_media":7328,"menu_order":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sage_video":false,"post_featured_image_hide":false,"sage_hide_published_date":false,"sage_hide_read_time":false,"sage_hide_share_buttons":false,"_pwl_sage_podcast_buzzsprout_src":"","footnotes":""},"categories":[348,44],"tags":[116],"business_type":[40,312,41],"lilypad":[],"context":[],"industry":[56,57,55],"persona":[98],"imagine_tag":[230],"coauthors":[776],"class_list":["post-7316","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-free-guides-templates","category-strategy-legal-operations","tag-compliance","business_type-small-business","business_type-accountants","business_type-growing-business","industry-ecommerce","industry-financial-services","industry-professional-services"],"sage_meta":{"region":"en-us","author_name":"Mike Goodwin","featured_image":"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2020\/07\/3S-Solar-Plus-AG_FY19_-X3_953-1.jpg","imagine_tags":{"230":"Small business"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice US","distributor_original_site_url":"https:\/\/www.sage.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/7316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/users\/1086"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/comments?post=7316"}],"version-history":[{"count":1,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/7316\/revisions"}],"predecessor-version":[{"id":37039,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/7316\/revisions\/37039"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/media\/7328"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/media?parent=7316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/categories?post=7316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/tags?post=7316"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/business_type?post=7316"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/lilypad?post=7316"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/context?post=7316"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/industry?post=7316"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/persona?post=7316"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/imagine_tag?post=7316"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/coauthors?post=7316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}