044-54 Wyo. Code R. §§ 54-22 - Methods of Development and Implementation
(a) In assessing the risk, the licensee:
(i) Identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems;
(ii) Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and
(iii) Assesses the sufficiency of policies, procedures, customer information systems, and other safeguards in place to control risks.
(b) In managing and controlling the risk, the licensee:
(i) Designs its information security program to control the identified risks, commensurate with the sensitivity of the information, as well as the complexity and scope of the licensee's activities;
(ii) Trains staff, as appropriate, to implement the licensee's information security program; and
(iii) Regularly tests or otherwise regularly monitors the key controls, systems, and procedures of the information security program. The frequency and nature of these tests or other monitoring practices are determined by the licensee's risk assessment.
(c) In overseeing the service provider arrangements, the licensee:
(i) Exercises appropriate due diligence in selecting its service providers; and
(ii) Requires its service providers to implement appropriate measures designed to meet the objectives of this regulation, and, where indicated by the licensee's risk assessment, takes appropriate steps to confirm its service providers have satisfied these obligations.
(d) In adjusting the program, the licensee:
(i) Monitors, evaluates, and adjusts, as appropriate, the information security program in light of any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and the licensee's own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to customer information systems.