Information Security Programs for Cannabis
A proposed ASTM International standard will provide structure, suggestions, basic requirements, and background education for developing an information security program specific to cannabis businesses. ASTM’s committee on cannabis (D37) is developing the proposed standard.
The proposed standard (WK69969) will assist cannabis business entities with implementing an information security program to protect information assets from unauthorized use and attacks using a team approach.
“The practice includes steps to establish a workgroup, conduct risk assessment and analysis, set priorities, and select and design controls to prevent and detect intrusions,” says ASTM member Patricia Haley, PWG principal consultant. “In addition, it will handle response and recovery using a framework of physical, technological, and human factor controls along a continuum of prevention, detection, response and recovery.”
ASTM welcomes participation in the development of its standards. Become a member of ASTM.