EXAMPLES: Presently, the Applicable Laws do not require companies to designate a chief information security officer ("CISO"), establish a written Incident response plan or policy, conduct periodic <cyber risk> assessments or perform penetration tests or vulnerability assessments.
