Section 500.557. Manage and control risk; example.

Latest version.

All data is extracted from pdf, click here to view the pdf.

Rule 7. To manage and   control risk, a licensee may do all of the following:

(a)     Design its information security program to control the identified risks, commensurate with the sensitivity of the information, as well as the complexity and scope of the licensee's activities.

(b)   Train staff, as appropriate, to implement the licensee's   information security program.

(c)    Regularly test or otherwise regularly monitor the key controls, systems, and procedures of the information security program. The frequency and nature of these tests or other monitoring practices are determined by the licensee's risk assessment.

History: 2004 AACS.

                    
                        var val = document.getElementById('citecontent').innerHTML;
                        art.dialog.defaults.title = window.location.href;
                        art.dialog.data('cite', val);
                        art.dialog.data('homeDemoPath', '/Scripts/plus/artDialog/');
                        art.dialog.open('/Scripts/plus/artDialog/citeiframe.html');