The licensee:
- (a) Identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems;
- (b) Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and
- (c) Assesses the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.
Source. #8901, eff 7-1-07, EXPIRED: 7-1-15 New. #11015, eff 1-8-16