<html> <head> <title>Rule 20:06:45:23 Assess risk.</title> <META NAME="Keywords" Content="Administrative Rules 20:06:45:23"> <META NAME="Description" Content="Administrative Rules 20:06:45:23 Assess risk."> <meta name=Generator content="Microsoft Office HTML Filter 2.0"> <meta http-equiv=Content-Type content="text/html; charset=windows-1252"> <meta name=Originator content="Microsoft Word 10"> <style> <!-- --> </style> </head> <body lang=EN-US> <div> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <b>20:06:45:23.&nbsp;&nbsp;Assess risk.</b> The licensee:</p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (A)&nbsp;&nbsp;Identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems;</p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (B)&nbsp;&nbsp;Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and</p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (C)&nbsp;&nbsp;Assesses the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.</p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <b>Source:</b> 29 SDR 48, adopted September 20, 2002, effective March 1, 2003; 31 SDR 67, effective November 14, 2004.</p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <b>General Authority:</b> SDCL <A HREF="/statutes/DisplayStatute.aspx?Type=Statute&Statute=58-2-40">58-2-40</A>, <A HREF="/statutes/DisplayStatute.aspx?Type=Statute&Statute=58-2-41">58-2-41.</A></p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <b>Law Implemented:</b> SDCL <A HREF="/statutes/DisplayStatute.aspx?Type=Statute&Statute=58-2-40">58-2-40</A>, <A HREF="/statutes/DisplayStatute.aspx?Type=Statute&Statute=58-2-41">58-2-41.</A></p> </div> </body> </html>