CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES 23 NYCRR 500

23 NYCRR 500

CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES

 

icon_13

NEW YORK STATE

DEPARTMENT OF FINANCIAL SERVICES

PROPOSED

“Section 500.03 Cybersecurity Policy.

(a) Cybersecurity Policy. Each Covered Entity shall implement and maintain a written cybersecurity policy setting forth the Covered Entity’s policies and procedures for the protection of its Information Systems and Nonpublic Information stored on those Information Systems. The cybersecurity policy shall address, at a minimum, the following areas:

(1) information security;

(2) data governance and classification;

(3) access controls and identity management;

(4) business continuity and disaster recovery planning and resources;

(5) capacity and performance planning;

(6) systems operations and availability concerns;

(7) systems and network security;

(8) systems and network monitoring;

(9) systems and application development and quality assurance;

(10) physical security and environmental controls;

(11) customer data privacy;

(12) vendor and third-party service provider management;

(13) risk assessment; and

(14) incident response

Section 500.20 Effective Date. This part will be effective January 1, 2017. Covered Entities will be required to annually prepare and submit to the superintendent a Certification of Compliance with New York State Department of Financial Services Cybersecurity Regulations under Section 500.17 commencing January 15, 2018 …”

What are 23 NYCRR 500 for Financial Services Requirements?

http://www.dfs.ny.gov/legal/regulations/proposed/rp500t.pdf

Want Easy Access to
Data Security that Works?

Secure your Sensitive Data, including from  Remote Users



Try it for Free

Take the Next Step to Stop Data Breaches