Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I skip having an information security program in place in Nebraska? What are the requirements?

Based on the context documents, it is not possible to skip having an information security program in place in Nebraska. NEAC 210-77-04 requires each licensee to implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities. Therefore, it is mandatory to have an information security program in place in Nebraska.

The requirements for the information security program are outlined in NEAC 210-77-04. The program must be comprehensive and include administrative, technical, and physical safeguards appropriate to the size and complexity of the licensee and the nature and scope of its activities. The purpose of the program is to protect customer information.

The objectives of the information security program are to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer [1.2].

The licensee must monitor, evaluate, and adjust the information security program in light of any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and the licensee’s own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to customer information systems [1.3].

In summary, it is mandatory to have an information security program in place in Nebraska, and the program must be comprehensive and include administrative, technical, and physical safeguards appropriate to the size and complexity of the licensee and the nature and scope of its activities. The objectives of the program are to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer. The licensee must monitor, evaluate, and adjust the information security program in light of any relevant changes [1.2][1.3].

Source(s):
Jurisdiction

Nebraska