The final regulation requires banks, insurance companies, and other financial services institutions regulated by the Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers’ private data and ensure the safety and soundness of New York’s financial services industry.
1. Has my company done a risk assessment to determine our cybersecurity risk and what gaps we need to fill to get into compliance?
2. Do we have a well-documented cybersecurity policy, based on my risk assessment, to protect the confidentiality, integrity, and availability of my information systems?
3. Does my organization have written information security policies? Do they address the fourteen areas mandated by the DFS regulations?
4. Are we retaining a qualified chief information security officer, whether internal or outsourced, to provide oversight?
5. Do we have access control processes in place to ensure that data and systems access are being properly controlled?
6. Are our breach notification processes complete and up to date?
7. How is our information security program keeping up to date with new threats and risks?
8. Does my organization have an ongoing threat management and training program for employees?
If you have any questions about this update or would like to further discuss your cybersecurity plan, please contact a member of Withum’s Cyber Secure Services Group by filling in the form below.