Investor Presentaiton
QUESTION: What does being exempt mean?
Exemption
Fewer than 10 employees
Exempt From
Formal Information Security
Program (Section 38-99-20)
•
Risk Assessment
•
Risk Management
•
Board Oversight
•
Oversight of TPSP
Still Required
Compliance with other provisions
such as:
•
Investigation of Cybersecurity
Event
Notices of Cybersecurity Events
to the Director
Program Adjustments
•
Incident Response Plans
Annual Certifications
Licensee covered by the
Cybersecurity Program of Another
Licensee
Formal Information Security
Program (Section 38-99-20)
•
Risk Assessment
•
Risk Management
•
Board Oversight
•
Oversight of TPSP
Compliance with other provisions
such as:
•
Investigation of Cybersecurity
Event
Notices of Cybersecurity Events
to the Director
•
Program Adjustments
Incident Response PlansView entire presentation