The licensee monitors, evaluates, and adjusts, as appropriate, the information security program in light of any relevant changes in:
- (1) Technology;
- (2) The sensitivity of its customer information;
- (3) Internal or external threats to information; and
(4) The licensee’s own changing business arrangements, such as:
- (A) Mergers and acquisitions;
- (B) Alliances and joint ventures;
- (C) Outsourcing arrangements; and
- (D) Changes to customer information systems.