Skip to main content

What is an information security program?

An information security program is the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information.

Your information security program must be in writing and commensurate with the size and complexity of your operation and the nature and scope of your activity. This includes your use of third-party service providers and how sensitive the nonpublic information used by you or in your possession, custody, or control. Please see MCL 500.555 for a detailed description of what is required in your information security program.