Knowledge

9/4/2018

DFS 500 Cyber Security Regulation Compliance Deadline: September 4th

Digital Edge Cybersecurity Compliance Team wants to remind you that all DFS Regulated Financial Services Companies are required to comply with the Regulation’s Governance Policies and Procedures, as well as Risk Based Monitoring Systems Requirements and Encryption Programs for Nonpublic Information by September 4, 2018.

 

Beginning on September 4, 2018, banks, insurance companies, and other financial services institutions regulated by DFS are required to have come into compliance with several additional provisions of the cybersecurity regulation that are vital to the governance and components of a robust financial services cybersecurity program.

 

“September 4th marks another important milestone in further protecting the financial services industry and the consumers they serve from the threat of cyber-attacks thanks to DFS’s landmark cybersecurity regulation,” said DFS Superintendent Maria T. Vullo. “New York stepped into the void and took decisive action to ensure appropriate minimum standards protecting financial institutions’ data systems, including consumers’ sensitive personal information. These new protections, which include encryption, access controls and audit trails, add crucial tools to the regulation’s prior requirements in protecting the institutions and consumers.”

 

Starting September 4th, companies will be required to have commenced mandatory annual reporting to the board by the Chief Information Security Officer concerning critical aspects of the cybersecurity program, have an audit trail designed to reconstruct material financial transactions sufficient to support normal operations in the event of a breach, and will need to have policies and procedures in place to ensure the use of secure development practices for IT personnel that develop applications for the Covered Entity. Companies also must implement encryption to protect nonpublic information held or transmitted by the company. Entities are also required to have developed policies and procedures to ensure secure disposal of information that is no longer necessary for the business operations, and must have implemented a monitoring system that includes risk based monitoring of all persons who access or use any of the company’s information systems or who access or use the company’s nonpublic information.

 

Additionally, Digital Edge would like to remind regulated entities that under DFS’s regulation, if they utilize Third-Party Service Providers, they must evaluate the risk that any Third-Party Service Providers pose to the security of those systems and data and ensure those systems and data are protected by March 1, 2019.

 

How Digital Edge Can Help

As cybersecurity incidents continue to increase in frequency and severity, public companies and financial institutions should expect and prepare for increased regulatory scrutiny in the months ahead.

 

Digital Edge is an expert in ISO standards, and is certified by the International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help implement policies, standards and practices to cover all DFS requirements based on International Standards Organization framework.

 

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on StabilitySecurityEfficiency and Compliance

 

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

  1. DFS Compliance – Mandatory Cybersecurity Requirements
  2. To Do: Check List to Comply with DFS Cybersecurity Law
  3. Discover the NEW online DFS Cybersecurity Reporting Portal
  4. Exempt from DFS Cybersecurity Regulations – Now What?

 

Danielle Johnsen
VP of Compliance

Danielle V. Johnsen joined the Digital Edge team in 2015 as the VP of Compliance.  With a passion for information security and organizational compliance, Danielle’s vision is to enable collaboration between 'The Business' and Information Technology, thus creating common objectives and outcomes that benefit the organization, while staying in compliance with all regulatory bodies and companywide policies. Specializing in security frameworks and policies such as: ISO 9001, ISO 27001, NYS DFS 500, NIST, HIPPA, GDPR, PCI, OSPAR, and more! 
 

 

Was this article helpful?