In AS 45.48.510(3), due diligence ordinarily includes performing one or more of the following:
(1) reviewing an independent audit of the third party's operations and its compliance with AS 45.48.500 - 45.48.590;
(2) obtaining information about the third party from several references or other reliable sources and requiring that the third party be certified by a recognized trade association or similar organization with a reputation for high standards of quality review; or
(3) reviewing and evaluating the third party's information security policies and procedures, or taking other appropriate measures to determine the competency and integrity of the third party.