April 13, 2022 – Information Shield today announced support for the new 2022 proposed SEC Cyber Risk requirements. Organizations can address the new security policy and record-keeping requirements in a single integrated solution.
“The SEC has continued to refine the requirements for investment groups to protect information.” Said David Lineman, President of Information Shield. “This new proposed rule makes it clear that management accountability is just as important as technical security tools. Management teams must not only implemented technical solutions, but demonstrate accountability by clearly documenting and maintaining key elements of their cyber risk management program.”
What is SEC Cyber Security?
The US Securities and Exchange Commission (SEC) has been slowly adding cyber-security related requirements to the governance and reporting of registered investment advisors and fund managers. Previous guidance from the OCIE set down some specific cyber security requirements that will be examined during audits. The 2022 proposed rule enhances previous guidance with new requirements for record keeping and reporting regarding cyber security incidents. In short, investment companies are required to define, document and implement a robust cyber security program to protect client financial data. But they must be prepared to “show their work” with key policies, plans and evidence
Addressing SEC Cyber Risk Requirements
The ComplianceShield platform from Information Shield enables organizations to address many of these requirements in a single, integrated platform. Within minutes, organizations can use the Compliance Wizard to define a robust cyber security program that addresses all of the key SEC security requirements.
Risk Management Program – ComplianceShield enables organizations to define a cyber control baseline (program) that addresses key risks to organizational assets. Compliance measurement and tracking enables management visibility and accountability into the program implementation.
Security Policies and Procedures – The Common Policy Library (CPL) is a robust library of pre-written security policy templates that address all key required security areas including: Access Control, Risk Management, Data Protection, Response and Recovery and Incident Reporting.
Cyber Books and Records – The ComplianceShield platform acts as a single source of truth for everything related to cyber compliance. The platform tracks the implementation of the cyber security program and also evidence supporting the compliance process. Cyber Security incidents can be tracked and analyzed in order to support SEC reporting requirements.
Free Trial Available
A free 14 trial of ComplianceShield is available at Information Shield. Organizations can get up and running in under 15 minutes. For a 30 minute ComplianceShield demo, questions or more information please contact us.