West Virginia Code of State Rules
Agency 114 - Insurance Commission
Title 114 - LEGISLATIVE RULE INSURANCE COMMISSIONER
Series 114-62 - Standards For Safeguarding Consumer Information
Section 114-62-5 - Methods of Development and Implementation

Universal Citation: 114 WV Code of State Rules 114-62-5

Current through Register Vol. XLI, No. 38, September 20, 2024

5.1. The actions and procedures set forth in this section are nonexclusive examples of methods a licensee may use to implement the requirements of sections three and four of this rule.

5.2. The licensee assesses risk by:

a. Identifying reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems;

b. Assessing the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and

c. Assessing the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.

5.3. The licensee manages and controls risk by:

a. Designing its information security program to control the identified risks, commensurate with the sensitivity of the information and the complexity and scope of the licensee's activities;

b. Training staff, as appropriate, to implement the licensee's information security program; and

c. Regularly testing or otherwise regularly monitoring the key controls, systems and procedures of the information security program. The frequency and nature of these tests or other monitoring practices shall be determined by the licensee's risk assessment.

5.4. The licensee oversees service provider arrangements by:

a. Exercising appropriate due diligence in selecting its service providers; and

b. Requiring its service providers to implement appropriate measures designed to meet the objectives of this rule, and, where indicated by the licensee's risk assessment, taking appropriate steps to confirm that its service providers have satisfied these obligations.

5.5. The licensee monitors, evaluates and adjusts, as appropriate, its information security program in light of any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and the licensee's own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to customer information systems.

Disclaimer: These regulations may not be the most recent version. West Virginia may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.