Cal. Code Regs. Tit. 10, § 2689.17 - Manage and Control Risk

Current through Register 2021 Notice Reg. No. 52, December 24, 2021

The licensee:

(a) Designs its information security program to control the identified risks, commensurate with the sensitivity of the information as well as the complexity and scope of the licensee's activities.
(b) Trains staff, as appropriate, to implement the licensee's information security program; and
(c) Regularly tests or otherwise regularly monitors the key controls, systems and procedures of the information security program. The frequency and nature of the tests are determined by the licensee's risk assessment.


Cal. Code Regs. Tit. 10, § 2689.17

Note: Authority cited: Sections 791- 791.27, Insurance Code; and 15 U.S.C. Sections 6801, 6805,6807 and 6824. Reference: Section 791, Insurance Code; and 15 U.S.C. Section 6825.

1. New section filed 11-22-2002; operative 3-24-2003 (Register 2002, No. 47).

The following state regulations pages link to this page.

State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.