Section R. 500.556 - Assess risk; exampleRule 6. To assess risk, a licensee may do all of the following:
(a) Identify reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems.(b) Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information.(c) Assess the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.Mich. Admin. Code R. 500.556