NAIC Model Law Deadline is Nearing, Are You Ready?
7/29/2020Articles & Podcasts
With a little over two months before the Connecticut Insurance Data Security Law takes effect, and NH not far behind in January, it is critical to ensure your compliance program is ready for go-live.
As a reminder, the law requires companies to establish comprehensive cybersecurity risk management programs that will identify threats and inform and prioritize remediation efforts. Many of the requirements go beyond the typical internal controls organizations have in place in their environments.
Insurers must establish and implement an information security program, including 10 requirements:
A named individual appointed to oversee the program
A cybersecurity risk assessment process designed to identify, prioritize, and remediate threats to the organization
Establish a data classification program
Periodically review and assess defined safeguards
Implement encryption at rest and in transit
To view the rest of the list and read additional details, click here.