Risk assessment for information security
| Reviewed By | Internal Auditor Owner |
| URL: | https://www.gpo.gov/fdsys/pkg/CFR-2003-title16-vol1/pdf/CFR-2003-title16-vol1-sec314-4.pdf |
| Regulation Reference Cite | 16 CFR 314.4(b) |
| Level | Requirement |
| Oversight Unit | INFORMATION TECHNOLOGY-TECHNICAL SERVICES |
| Person Responsible | Brian Larson |
| Secondary Person Responsible | John Marra |
| President / VP Level | President |
| Description |
Identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks. |
| Contacts and Data Sources |
| Brian Larson and John Marra https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314/section-314.4 |
| Internal Notes |
| This compliance item has notes that are available internally to the oversight unit. Please contact the Risk Management Department for more information |