Statutes, codes, and regulations
New York Codes, Rules and Regulations
Title 11 - INSURANCEChapter XIX - Privacy Of Consumer Financial and health InformationPart 421 - Standards For Safeguarding Customer Information
Development and Implementation of Information Security Program
Section 421.6 - Manage and control risk

N.Y. Comp. Codes R. & Regs. tit. 11 § 421.6

Download
PDF
Current through Register Vol. 46, No. 50, December 11, 2024
Section 421.6 - Manage and control risk

The licensee:

(a) designs its information security program to control the identified risks, commensurate with the sensitivity of the information as well as the complexity and scope of the licensee's activities;
(b) trains staff, as appropriate, to implement the licensee's information security program; and
(c) regularly tests the key controls, systems and procedures of the information security program. The frequency and nature of such tests are determined by the licensee's risk assessment.

N.Y. Comp. Codes R. & Regs. Tit. 11 § 421.6