Iowa Code § 507F.9

Current through March 29, 2024
Section 507F.9 - Cybersecurity event - third-party service providers
1. If a licensee becomes aware of a cybersecurity event in an information system maintained by a third-party service provider of the licensee, the licensee shall comply with section 507F.7, or the licensee may obtain a written certification from the third-party service provider that the provider is in compliance with section 507F.7. If the third-party provider fails to provide written certification to the licensee, the licensee shall comply with section 507F.7. The computation of the licensee's deadlines pursuant to section 507F.7 shall begin on the business day after the date on which the licensee's third-party service provider notifies the licensee of a cybersecurity event, or the date on which the licensee has actual knowledge of the cybersecurity event, whichever date is earlier.
2. This section shall not be construed to prohibit or abrogate an agreement between a licensee and another licensee, a third-party service provider, or any other party for the other licensee, third-party service provider, or other party to execute the requirements under section 507F.6 or section 507F.7 on behalf of the licensee.

Iowa Code § 507F.9

2021 Acts, ch 79, §9, 17

Added by 2021 Iowa, ch 79, s 9, eff. 1/1/2022.