Category Archives: Regulatory Compliance

Information Shield Supports New Cyber Guidance for Water and Wastewater Systems Sector

The Cyber Security Infrastructure and Assurance Agency (CISA) recently posted an updated alert on how water utilities can protect from cyber attacks. The Alert – called Securing Water Systems – is based on a new fact sheet from both the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI). Changes in Cyber Security […]

Simplify Compliance with NYS-DFS Cyber Law

The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In this article we discuss key requirements and how organizations can simplify the compliance process. What is the NYS-DFS Cyber Security Law? The […]

Simplify Compliance with EPA Cyber Security Requirements

Understand the key cyber security requirements of the new EPA Cyber Rule for water and see how to effectively build and maintain and written information security program to maintain compliance. What are the EPA water cyber security requirements? The U.S. Environmental Protection Agency (EPA) created a new memorandum in March 2023 to require public water […]

Simplify Compliance with NADA FTC Safeguards Rule

Understand the key requirements of the FTC Safeguards Rule as it applies auto-dealerships and see how to effectively build and maintain and written information security program to maintain compliance. What are the NADA cyber security requirements? The National Automotive Dealers Association (NADA) proposed a set of cyber security requirements to help protect private customer data […]

Compliance with NIS 2 Directive Cyber Security

NIS2 Directive What is the NIS 2 Directive? The NIS 2 Cyber Directive is move by the EU to set a new standard for cyber security across the member states. The EU Parliament calls it “A high common level of cybersecurity in the EU.” NIS 2 replaces the original Network and Information Security (NIS) Directive, […]

Simplify NAIC Data Security Law Compliance

What is the NAIC Data Security Model Law? The National Association of Insurance Commissioners (NAIC) Data Security Model Law (Model Law) requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program that contains key cyber security safeguards and management oversight. The NAIC was law adopted in […]

Simplify Compliance with FTC Safeguards Rule

Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain and written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade Commission (FTC) created the Standards for Safeguarding Customer Information (“FTC Safeguards Rule”) to ensure that businesses maintain a cyber security program to protect private […]

Comply with new SEC Cybersecurity Risk Rules

In February 2022 the Securities and Exchange Commission (SEC) voted to enhance the cyber security requirements for registered investment advisers (including registered investment companies and investment funds). The proposed SEC cyber risk management rules would require advisers and funds to adopt and implement a program with written cybersecurity policies and procedures designed to address cybersecurity […]

How to Develop an IRS Data Security Plan

The Internal Revenue Service (IRS) recently added a requirement for all tax preparers to develop a “Data Security Plan” to protect customer data. The IRS responded to growing threats against small businesses that handle sensitive customer information. Tax professionals can be ideal targets since electronic tax data contains lots of personal information that would be […]