Our ongoing 23 NYCRR 500 Managed Compliance Services help make and keep your business compliant with the cybersecurity requirements for businesses and individuals regulated under the New York Department of Banking and Finance. We work with you to complete a readiness assessment and then implement the needed policies and technical safeguards.
If you are a covered entity under 23 NYCRR 500, you are required to have certain cybersecurity measures, as well as a well-documented set of administrative and physical policies and other controls, in place by the stipulated compliance dates. Among other requirements, firms will be required to annually self-certify their compliance with the new law. Some companies in the financial sector that don't comply could face penalties, including the removal of their license and fines that could range up to $250,000.00.
Establish a standards-based cybersecurity program that includes written information security policies addressing how your organization will detect cybersecurity events, identify risks, and execute procedures and policies to prevent unauthorized access to consumer and company personally identifiable information (PII) and other data.
Provide ongoing employee cybersecurity training.
Provide for the Section 500.05 requirement for penetration testing and vulnerability assessments, as well as continuous monitoring of your network.
Provide the ability to track third-party service providers. DCS' Managed 23 NYCRR Compliance service provides a Third Party Contract Security Addendum to ensure that third parties are protecting and complying with Section 500.11.
Provide incident response guidance as well as a complete security portal to store all of your organization's compliance documentation.