In AS 45.48.510
(3), due diligence ordinarily includes performing one or more of the following:


(1) reviewing an independent audit of the third party's operations and its compliance with AS 45.48.500
- 45.48.590;


(2) obtaining information about the third party from several references or other reliable sources and requiring that the third party be certified by a recognized trade association or similar organization with a reputation for high standards of quality review; or


(3) reviewing and evaluating the third party's information security policies and procedures, or taking other appropriate measures to determine the competency and integrity of the third party.