Iowa Code 507F.9 – Cybersecurity event — third-party service providers
Current as of: 2024 | Check for updates
|
Other versions
507F.9 Cybersecurity event — third-party service providers.
1. If a licensee becomes aware of a cybersecurity event in an information system maintained by a third-party service provider of the licensee, the licensee shall comply with § 507F.7, or the licensee may obtain a written certification from the third-party service provider that the provider is in compliance with § 507F.7. If the third-party provider fails to provide written certification to the licensee, the licensee shall comply with section
507F.7. The computation of the licensee’s deadlines pursuant to § 507F.7 shall begin on the business day after the date on which the licensee’s third-party service provider notifies the licensee of a cybersecurity event, or the date on which the licensee has actual knowledge of the cybersecurity event, whichever date is earlier.
2. This section shall not be construed to prohibit or abrogate an agreement between a licensee and another licensee, a third-party service provider, or any other party for the other licensee, third-party service provider, or other party to execute the requirements under § 507F.6 or § 507F.7 on behalf of the licensee.
2021 Acts, ch 79, §9, 17
1. If a licensee becomes aware of a cybersecurity event in an information system maintained by a third-party service provider of the licensee, the licensee shall comply with § 507F.7, or the licensee may obtain a written certification from the third-party service provider that the provider is in compliance with § 507F.7. If the third-party provider fails to provide written certification to the licensee, the licensee shall comply with section
507F.7. The computation of the licensee’s deadlines pursuant to § 507F.7 shall begin on the business day after the date on which the licensee’s third-party service provider notifies the licensee of a cybersecurity event, or the date on which the licensee has actual knowledge of the cybersecurity event, whichever date is earlier.
2. This section shall not be construed to prohibit or abrogate an agreement between a licensee and another licensee, a third-party service provider, or any other party for the other licensee, third-party service provider, or other party to execute the requirements under § 507F.6 or § 507F.7 on behalf of the licensee.
2021 Acts, ch 79, §9, 17