Alaska Stat. § 21.23.250
(a) A licensee shall conduct a risk assessment commensurate with the size and complexity of the licensee and in consideration of the nature and scope of the licensee's activities to evaluate the security and confidentiality of nonpublic information used by or in the possession or control of the licensee. In conducting the risk assessment, the licensee shall
(3) assess the sufficiency in each area of the licensee's operations of the licensee's policies, procedures, information systems, and other safeguards in place to manage the threats identified in (1) of this subsection, including the areas of