Can I skip having an information security program in place in North Carolina? What are the requirements?

Information Security Program Requirements in North Carolina

No, you cannot skip having an information security program in place in North Carolina. According to NCGS 58-39-145, each licensee shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities ^[1.1].

Objectives of Information Security Program

The objectives of an information security program in North Carolina are to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer ^[1.2].

Therefore, it is mandatory to have an information security program in place in North Carolina that meets the above requirements.

Source(s):

• [1.1] Information security program.
• [1.2] Objectives of information security program.

Jurisdiction

North Carolina

• Privacy