Go to previous versions of this Section
2023 (you are here)
2022
2021
2020
2019
Other previous versions

2023 Hawaii Revised Statutes
Title 24. Insurance
431. Insurance Code
431:3B-207 Incident response plan.

Universal Citation: HI Rev Stat § 431:3B-207 (2023)
Previous Next

§431:3B-207 Incident response plan. (a) As part of its information security program, each licensee shall establish a written incident response plan designed to promptly respond to and recover from any cybersecurity event that compromises the confidentiality, integrity, or availability of nonpublic information in its possession, the licensee's information systems, or the continuing functionality of any aspect of the licensee's business or operations.

(b) The incident response plan shall address the following areas:

(1) The internal process for responding to a cybersecurity event;

(2) The goals of the incident response plan;

(3) The definition of clear roles, responsibilities, and levels of decision-making authority;

(4) External and internal communications and information sharing;

(5) Identification of requirements for the remediation of any identified weaknesses in information systems and associated controls;

(6) Documentation and reporting regarding cybersecurity events and related incident response activities; and

(7) The evaluation and revision, as necessary, of the incident response plan following a cybersecurity event. [L 2021, c 112, pt of §2]

Previous Next
Disclaimer: These codes may not be the most recent version. Hawaii may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.