The licensee:
- (1) Identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems.
- (2) Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information.
- (3) Assesses the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.
Cross References
This section cited in 31 Pa. Code § 146c.5 (relating to examples of methods of development and implementation).