Written Information Security Program (WISP)
Document Control
Policy Name: COPPA Information Security Program
Version: 2026-1.0
Effective Date: 26-03-2026
Approved By: Prashant Iyengar - CTO & CISO
Applies To: All employees, contractors, and third-party vendors of Miko.
1. Introduction and Purpose
1.1 Objective
This program ensures the confidentiality, security, and integrity of personal information, including children's data.
1.2 Scope and Definitions
This program applies to all systems and personnel handling personal data.
Personal Information Includes:
- Name, address, email, phone number
- Device identifiers (IP, cookies, device ID)
- Photos, videos, audio
- Location data
- Biometric data
2. Responsible Officials
| Name | Role | Responsibilities |
|---|---|---|
| Prashant Iyengar | Security Coordinator | Program management, risk assessment, incident response |
| Rakesh Salian | Technical Lead | Technical safeguards, encryption, patching |
Responsibilities
- Review program annually
- Train employees
- Ensure vendor compliance
- Report to management
3. Risk Assessment
Risk assessments are conducted annually or when major changes occur.
- Internal Risks: Unauthorized access, weak passwords
- External Risks: Cyber attacks, malware
- Data Risks: Data corruption or misuse
4. Security Safeguards
4.1 Administrative
- Employee training (annual)
- Role-based access control
- Access revoked after exit
4.2 Technical
- Encryption (TLS, AES-256)
- Multi-factor authentication
- Strong password policy
- Firewall protection
4.3 Physical
- Encrypted devices
- Restricted facility access
4.4 Development
- Code reviews
- Data minimization
4.5 Data Retention
Data is stored only as long as needed and securely deleted afterward.
5. Monitoring
- Continuous system monitoring
- Regular vulnerability scans
- Annual penetration testing
6. Third-Party Vendors
- Security checks before onboarding
- Written agreements required
7. Incident Response
- Detect and analyze breach
- Contain and fix issue
- Restore systems
- Notify affected users if required
8. Program Updates
This document is reviewed annually and updated as needed.
Attachments
A. Hardware Inventory
| Device ID | Type | User | Location | Encrypted |
|---|---|---|---|---|
B. Authorized Access
| Name | Role | Reason |
|---|---|---|
C. Rules of Behavior
- No password sharing
- Lock systems when away
- No unauthorized software
- Report suspicious activity
D. Employee Acknowledgement
Employees must acknowledge and follow this policy.
E. Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 16-03-2026 | Initial version |