4.D(1)—Program Design Based on Risk
>Control Description
Design its Information Security Program to mitigate the identified risks, commensurate with the size and complexity of the Licensee's activities, including its use of Third-Party Service Providers, and the sensitivity of the Nonpublic Information used by the Licensee or in the Licensee's possession, custody, or control.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.