Sec. 16. (a) A licensee shall develop, implement, and maintain a comprehensive, written information security program that:

(1) is based on the risk assessment required under section 17 of this chapter; and

(2) contains administrative, technical, and physical safeguards for the protection of nonpublic information and the licensee’s information systems.

(b) An information security program must accomplish the following:

(1) Protect the security and confidentiality of nonpublic information and information systems.

(2) Protect against any threats or hazards to the security or integrity of nonpublic information and information systems.

(3) Protect against unauthorized access to or use of nonpublic information and minimize the likelihood of harm to a consumer.

(4) Define and periodically reevaluate a schedule for retention of nonpublic information and a procedure for its destruction when no longer needed.

As added by P.L.130-2020, SEC.10.

Terms Used In Indiana Code 27-2-27-16

  • consumer: means a resident of Indiana whose nonpublic information is in a licensee's possession, custody, or control. See Indiana Code 27-2-27-4
  • information security program: means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information. See Indiana Code 27-2-27-8
  • licensee: means a person that is:

    Indiana Code 27-2-27-10

  • nonpublic information: means electronic information that is not publicly available information and is described in either of the following subdivisions:

    Indiana Code 27-2-27-12

  • risk assessment: means the assessment a licensee is required to conduct under section 17 of this chapter. See Indiana Code 27-2-27-14