Current through the 2024 Legislative Session
Section 431:3B-204 - Oversight by board of directorsIf the licensee has a board of directors, the board or an appropriate committee of the board shall, at a minimum:
(1) Require the licensee's executive management or its delegates to develop, implement, and maintain the licensee's information security program;(2) Require the licensee's executive management or its delegates to report in writing at least annually, the following information: (A) The overall status of the information security program and the licensee's compliance with this article; and(B) Material matters related to the information security program, addressing issues such as risk assessment, risk management and control decisions, third-party service provider arrangements, results of testing, cybersecurity events or violations and management's responses thereto, and recommendations for changes in the information security program; and(3) If executive management delegates any of its responsibilities under this part, it shall oversee the development, implementation, and maintenance of the licensee's information security program prepared by the delegate and shall receive a report from the delegate complying with the requirements of the report to the board of directors specified in paragraph (2).Added by L 2021, c 112,§ 2, eff. 7/1/2021.