Simplify NYS-DFS Information Security Compliance
The New York Department of Financial Services (DFS) cyber security law (NYCRR 500 Cyber Insurance Requirements for Financial Services Companies) sets forth a new regulatory framework that requires all financial institutions doing business in New York to adopt a formal and robust information security program. NYS-DFS sets a new precedent for state-level cyber security laws: It requires senior management to formally attest to the effectiveness of the information security program.
Develop NYS-DFS Security Policies Quickly
Information Security Policies Made Easy provides complete security policy coverage for key information security and data privacy elements of NYS-DFS. Save time and money implementing policies by customizing our library of over 38 expert-written information security policies.
Streamline NYS-DFS Compliance
Use ComplianceShield to help automate every aspect of an Information Security and Data Privacy Program that addresses NYS-DFS. Use our easy-to-use software tool to define, deliver and demonstrate a cyber security program. IT security compliance does not have to be difficult and expensive.
Information Security Policies and NYS-DFS
NYS-DFS specifically requires a set of written information security policies to support cyber risk management.
Section 500.03 Cybersecurity Policy.
Each Covered Entity shall implement and maintain a written policy or policies, approved by a Senior Officer or the Covered Entity’s board […] setting forth the Covered Entity’s policies and procedures for the protection of its Information Systems and Nonpublic Information stored on those Information Systems.
Section 500.03 goes on to list specific policy documents: (* All of which are included within our Common Policy Library)
(a) information security; *
(b) data governance and classification; *
(c) asset inventory and device management;
(d) access controls and identity management; *
(e) business continuity and disaster recovery planning and resources; *
(f) systems operations and availability concerns; *
(g) systems and network security; *
(h) systems and network monitoring; *
(i) systems and application development and quality assurance; *
(j) physical security and environmental controls; *
(k) customer data privacy; *
(l) vendor and Third Party Service Provider management;
(m) risk assessment; and *
(n) incident response. *
Enable Management Accountability
NYS-DFS is unique in that it requires senior management to officially attest to the effectiveness of the information security program.
Section 500.17 Notices to Superintendent.
(b) Annually each Covered Entity shall submit to the superintendent a written statement covering the prior calendar year. This statement shall be submitted by February 15 in such form set forth as Appendix A, certifying that the Covered Entity is in compliance with the requirements set forth in this Part.
Our ComplianceShield solution enables your organization to quickly establish a baseline of cyber security controls that address all elements of NYS-DFS. Once your program is established, use ComplianceShield to track accountability, compliance status and evidence.
Contact us today for a Free 30 Minute Consultation on how your organization can streamline and demonstrate NYS-DFS compliance.