Simplify NYS-DFS Compliance

The New York Department of Financial Services (DFS) cyber security law (NYCRR 500 Cyber Insurance Requirements for Financial Services Companies) sets forth a new regulatory framework that requires all financial institutions doing business in New York to adopt a formal and robust information security  program.  NYS-DFS sets a new precedent for state-level cyber security laws:  It requires senior management to formally attest to the effectiveness of the information security program.

Develop NYS-DFS Security Policies Quickly

Information Security Policies Made Easy provides complete security policy coverage for each NYS-DFS security policy requirement. Save time and money implementing policies by customizing our library of expert-written security policies. Our NYS-DFS Security Policy map shows how each policy within our library addresses the key requirements of NYS-DFS.Section 500.3 Information Security Policy.

» Learn More  » Request a Sample


Define ISO 27002 Roles and Responsibilities

Information Security Roles and Responsibilities Made EasySecurity Roles and Responsibilties provides expert guidance and templates for building an effective security organization. According to ISO 27002 section 6.6.1, information security roles and responsibilities must be defined and documented. Save your organization hundreds of hours of effort in developing and documenting your security organization.

» Learn More  » Request a Sample


Validate your Information Security Program ()

IT Security Made EasyUse ComplianceShield to help automate every aspect of an Information Security Management System (ISMS).   Develop and distribute security policies, define and document an ISO control framework, educate and train employees, and prepare and manage key evidence all in a single secure platform.   IT security compliance does not have to be difficult and expensive.

» Learn More  » Request a Sample



Information Security Policies and NYS-DFS

NYS-DFS specifically requires a set of written information security policies to support cyber risk management.

Section 500.03 Cybersecurity Policy.

Each Covered Entity shall implement and maintain a written policy or policies, approved by a Senior Officer or the Covered Entity’s board […] setting forth the Covered Entity’s policies and procedures for the protection of its Information Systems and Nonpublic Information stored on those Information Systems.

Section 500.03 goes on to list specific policy documents: (* All of which are included within our Common Policy Library)

(a) information security; *

(b) data governance and classification; *

(c) asset inventory and device management; (d) access controls and identity management; *

(e) business continuity and disaster recovery planning and resources; *

(f) systems operations and availability concerns; *

(g) systems and network security; *

(h) systems and network monitoring; *

(i) systems and application development and quality assurance; *

(j) physical security and environmental controls; *

(k) customer data privacy; *

(l) vendor and Third Party Service Provider management; (m) risk assessment; and *

(n) incident response. *

Enable Management Accountability

NYS-DFS is unique in that it requires senior management to officially attest to the effectiveness of the information security program.

Section 500.17 Notices to Superintendent.

(b) Annually each Covered Entity shall submit to the superintendent a written statement covering the prior calendar year. This statement shall be submitted by February 15 in such form set forth as Appendix A, certifying that the Covered Entity is in compliance with the requirements set forth in this Part.

Our ComplianceShield solution enables your organization to quickly establish a baseline of cyber security controls that address all elements of NYS-DFS.  Once your program is established, using ComplianceShield to track accountability, compliance status and evidence.

Contact us today for a Free 30 Minute Consultation on how your organization can streamline and demonstrate NYS-DFS compliance.