N.Y. Comp. Codes R. & Regs. tit. 11, § 421.6 – Manage and control risk. | Midpage
§ 421.6
N.Y. Comp. Codes R. & Regs. tit. 11, § 421.6
Manage and control risk.
Insurance
(a) designs its information security program to control the identified risks, commensurate with the sensitivity of the information as well as the complexity and scope of the licensee's activities;
(b) trains staff, as appropriate, to implement the licensee's information security program; and
(c) regularly tests the key controls, systems and procedures of the information security program. The frequency and nature of such tests are determined by the licensee's risk assessment.