In AS 45.48.510(3), due diligence ordinarily includes performing one or more of the following:
- (1) reviewing an independent audit of the third party's operations and its compliance with AS 45.48.500 — 45.48.590;
- (2) obtaining information about the third party from several references or other reliable sources and requiring that the third party be certified by a recognized trade association or similar organization with a reputation for high standards of quality review; or
- (3) reviewing and evaluating the third party's information security policies and procedures, or taking other appropriate measures to determine the competency and integrity of the third party.