Sec. 19. (a) If the
licensee has a board of directors, the board of directors shall require the licensee’s executive management or its delegates to develop, implement, and maintain the licensee’s
information security program.
Ask an insurance law question, get an answer ASAP!
Click here to chat with a lawyer about your rights.
Terms Used In Indiana Code 27-2-27-19
- information security program: means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information. See Indiana Code 27-2-27-8
- licensee: means a person that is:
Indiana Code 27-2-27-10
- risk assessment: means the assessment a licensee is required to conduct under section 17 of this chapter. See Indiana Code 27-2-27-14
- third party service provider: means a person that contracts with a licensee to maintain, process, store, or otherwise is permitted access to nonpublic information through its provision of services to the licensee. See Indiana Code 27-2-27-15
(b) If the licensee’s executive management delegates any of its responsibilities under this section, it shall:
(1) oversee the development, implementation, and maintenance of the licensee’s information security program prepared by the delegate; and
(2) receive a report from the delegate concerning:
(A) the overall status of the information security program;
(B) the licensee’s compliance with this chapter; and
(C) material matters related to the information security program addressing such issues as:
(i) risk assessment;
(ii) risk management and control decisions;
(iii) third party service provider arrangements;
(iv) results of testing;
(v) cybersecurity events and management’s responses to cybersecurity events; and
(vi) recommendations for changes in the information security program.
As added by P.L.130-2020, SEC.10.