The final latest Cybersecurity Regulation (23 NYCRR Part 500) issued by the New York Department of Financial Services (NYDFS) in response to the cybercriminals growing sophistication and increasingly volatile cybersecurity climate that is facing the financial institutions of the US is set with a goal to ensure the safeguarding of sensitive customer data and to promote the integrity of the information technology systems of regulated entities. This regulation went into effect on March 1, 2017, and got implemented on August 28, 2017. There are various requirements that have been outlined by this new regulation which includes the appointment of Chief Information Security Officer (CISO), establishing a cybersecurity program, implementing and maintaining a written cybersecurity policy, annual penetration tests and Bi-annual vulnerability assessments, evaluation, assessment and testing security of in-house and external technology applications and a lot more.
This 23 NYCRR Part 500 cybersecurity regulation cover entities regulated by the s all the organizations in the state of New York under authorization of the Banking Law, the Insurance Law, or the Financial Services Law. But there are some entities that are exempted from certain provisions of the regulation that have less than ten employees, less than $5 million in gross annual revenue for three years or less than $10 million in total year-end assets. Certain entities that do not handle classes of nonpublic information are also exempt from certain provisions 23 NYCRR 500.19 (c) and (d). If an entity qualifies for one of the exemptions, it must file a Notice of Exemption within 30 days of the determination of the exemptions 23 NYCRR 500.19(e). And as per this new regulation, it is mandatory for all the covered entities to have to implement and file the regulations by the deadline, i.e. August 28, 2017. And those who are not compliant by this deadline will could be penalized. And the compliance experts at CompCiti helps by ensuring that their clients are compliant as well as help them in implementing a more effective and long termlong-term cybersecurity protocol in the process. SoSo, if you want to be compliant to the new 23 NYCRR Part 500 regulations and seek expert help then do consider CompCiti Business Solutions, Inc.
“According to the new cybersecurity NYDFS regulations, it is mandatory for all covered entities to implement and file the regulations by August 28th, 2017to comply with NYCRR Part 500. Those who are not compliant by this deadline will could be penalized. The Compliance Experts at CompCiti will not only ensure that you are compliant, but will help you to implement a more effective, long-term cybersecurity protocol policies in process.” – says a spokesperson at CompCiti Business Solutions, Inc.