§ 146c.7. Manage and control risk.
The licensee:
(1) Designs its information security program to control the identified risks, commensurate with the sensitivity of the information, as well as the complexity and scope of the licensees activities.
(2) Trains staff, as appropriate, to implement the licensees information security program.
(3) Regularly tests or otherwise regularly monitors the key controls, systems and procedures of the information security program. The frequency and nature of these tests or other monitoring practices are determined by the licensees risk assessment.
Cross References This section cited in 31 Pa. Code § 146c.5 (relating to examples of methods of development and implementation).
No part of the information on this site may be reproduced for profit or sold for profit.
This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.