Pennsylvania Code
Title 31 - INSURANCE
Part VIII - Miscellaneous Provisions
Chapter 146c - STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION
Section 146c.7 - Manage and control risk
Current through Register Vol. 54, No. 12, March 23, 2024
The licensee:
(1) Designs its information security program to control the identified risks, commensurate with the sensitivity of the information, as well as the complexity and scope of the licensee's activities.
(2) Trains staff, as appropriate, to implement the licensee's information security program.
(3) Regularly tests or otherwise regularly monitors the key controls, systems and procedures of the information security program. The frequency and nature of these tests or other monitoring practices are determined by the licensee's risk assessment.
This section cited in 31 Pa. Code § 146c.5 (relating to examples of methods of development and implementation).