NYS DFS 23 NYCRR Part 500 Cybersecurity Assessment

New York State’s DFS 23 NYCRR Part 500 mandates cybersecurity requirements for financial-services companies, including banks, insurance companies, and many other businesses in the financial industry. The regulation provides an outline of what you are required to do to protect your customers’ data. There are quite a few requirements, and unfortunately, not being aware of them is not a defense. Follow the steps below to protect your business.

1) Find Out If Your Company is a Covered Entity

Search here to see if your company is supervised by the New York State Department of Financial Services.

2) If You Are a Covered Entity, Familiarize Yourself with the Regulations

3) Get a Cybersecurity Assessment

A cybersecurity assessment will:

  • Identify gaps that may exist in your cybersecurity
  • Identify where you are out of compliance with the regulation
  • Identify solutions & processes that will help you become compliant
  • Provide you with a security roadmap for your business

4) Implement the Necessary Solutions & Procedures

It’s important that you make an effort to comply with the regulations. The state understands it’s a big undertaking and they’re looking for you to make progress toward being completely compliant. Start closing the gaps by implementing as many solutions as possible.

5) Perform an Annual Assessment or Security Audit

Compliance is not a one-and-done endeavor. To stay compliant, you must make sure the things you committed to doing are still being done.

Call (631) 756-0404 to Find Out How We Can Help You With NYS DFS 23 NYCRR Part 500