Current through Supplement No. 395, January, 2025
Section 45-14-02-03 - Developing and implementing an information security program

The actions and procedures described in this section are examples of methods of implementation of this chapter. These examples are nonexclusive illustrations of practices and procedures that a licensee may follow to implement this chapter.
1. Each licensee identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems. Each licensee assesses the likelihood and potential damage of the risks presented by the threats it has identified, taking into consideration the sensitivity of customer information. Each licensee assesses the sufficiency of the policies and procedures it has in place to control the risks it has identified.

2. Each information security program is designed to control the identified risks, commensurate with the sensitivity of the information and the complexity and scope of the licensee's activities. Each licensee trains staff, as appropriate, to implement the licensee's information security program and regularly tests or otherwise monitors the key controls, systems, and procedures of its information security program.

3. Each licensee exercises due diligence in selecting service providers and obtains satisfactory assurances from the service provider that it will appropriately safeguard the information to meet the objectives of section 45-14-02-02.

4. Each licensee monitors, evaluates, and adjusts, as appropriate, its information security program to reflect any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and the licensee's own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to its customer information systems.

N.D. Admin Code 45-14-02-03
Effective October 1, 2004.
General Authority: NDCC 28-32-02
Law Implemented: NDCC 26.1-02-27