The actions and procedures described in this section are examples of methods of implementation of the requirements of Sections 5 and 6 of this regulation. These examples are non-exclusive illustrations of actions and procedures that licensees may follow to implement Sections 5 and 6 of this regulation.
The licensee monitors, evaluates and adjusts, as appropriate, the information security program in light of any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and the licensee's own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements and changes to customer information systems.
3 CCR 702-6-4-2-7