Ill. Admin. Code tit. 50, § 4003.80 – Manage and Control Risk | Midpage
§ 4003.80
Ill. Admin. Code tit. 50, § 4003.80
Manage and Control Risk
AUTHORITY: Implementing Article XXVI and Article XL of the Illinois Insurance Code [215 ILCS 5/Arts. XXVI and XL], and Title V of the Gramm-Leach-Bliley Act (15 USC 6801 through 6827) and authorized by Section 401 and Article XL of the Illinois Insurance Code [215 ILCS 5/401 and Art. XL].DEPARTMENT OF INSURANCE SUBCHAPTER tt: INSURANCE INFORMATION AND PRIVACY PROTECTION
a) Designs its information security program to control the identified risks, commensurate with the sensitivity of the information, as well as the complexity and scope of the licensee's activities;
b) Trains staff, as appropriate, to implement the licensee'’s information security program; and
c) Regularly tests or otherwise regularly monitors the key controls, systems and procedures of the information security program. The frequency and nature of these tests or other monitoring practices are determined by the licensee’s risk assessment.