Statutes, codes, and regulations
South Dakota Administrative Rules
Title 20 - PUBLIC SAFETYArticle 20:06 - INSURANCE
Chapter 20:06:45 - Privacy of consumer financial and health information
Section 20:06:45:24 - Manage and control risk

S.D. Admin. R. 20:06:45:24

Download
PDF
Current through Register Vol. 50, page 159, June 17, 2024
Section 20:06:45:24 - Manage and control risk

The licensee:

(A) Designs its information security program to control the identified risks, commensurate with the sensitivity of the information, as well as the complexity and scope of the licensee's activities;
(B) Trains staff, as appropriate, to implement the licensee's information security program; and
(C) Regularly tests or otherwise regularly monitors the key controls, systems, and procedures of the information security program. The frequency and nature of these tests or other monitoring practices are determined by the licensee's risk assessment.

S.D. Admin. R. 20:06:45:24

29 SDR 48, adopted September 20, 2002, effective 3/1/2003; 31 SDR 67, effective 11/14/2004.

General Authority: SDCL 58-2-40, 58-2-41.

Law Implemented: SDCL 58-2-40, 58-2-41.