Security Incident Response Policy and Procedures should be in place for institutions to have a security plan to protect the confidentiality and integrity of personal information.

Clients are also responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.

The plan should include;

•       designate one or more employees to coordinate the safeguards;

•       identify and assess the risks to customer information in each relevant area of the company's operation, and 

        evaluate the effectiveness of the current safeguards for controlling these risks;

•       design and implement a safeguards program, and regularly monitor and test it;

•       select appropriate service providers and contract with them to implement safeguards; and

•       evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business

        arrangements or operations, or the results of testing and monitoring of safeguards.