Statutes, codes, and regulations
District Of Columbia Administrative Code
Title 26 - INSURANCE, SECURITIES AND BANKINGSubtitle 26-A - INSURANCE
Chapter 26-A36 - PRIVACY OF CONSUMER FINANCIAL INFORMATION
Rule 26-A3617 - MANAGE AND CONTROL RISK

D.C. Mun. Regs. tit. 26, r. 26-A3617

Download
PDF
Current through Register Vol. 71, No. 49, December 6, 2024
Rule 26-A3617 - MANAGE AND CONTROL RISK
3617.1

The licensee shall:

(a) Design its information security program to control the identified risks, commensurate with the sensitivity of the information, as well as the complexity and scope of the licensee's activities;
(b) Train staff, as appropriate, to implement the licensee's information security program; and
(c) Regularly tests or otherwise regularly monitors the key controls, systems and procedures of the information security program. The frequency and nature of these tests or other monitoring practices are determined by the licensee's risk assessment.

D.C. Mun. Regs. tit. 26, r. 26-A3617

Emergency Rulemaking published at 47 DCR 9052(November 10, 2000) [EXPIRED]; Emergency Rulemaking published at 48 DCR 2356(March 16, 2001) [EXPIRED]; as Emergency Rulemaking published at 48 DCR 6119(July 1, 2001) [EXPIRED]; as Final Rulemaking published at 48 DCR 8005 (August 24, 2001); as Final Rulemaking published at 50 DCR 1517(February 14, 2003)