It’s no surprise that when it comes to business continuity planning, cyber security is the number one concern for organizations and businesses that deal with sensitive customer data, as they are most likely to be the target of an attack. New York is one of the many states that have been at the forefront of providing guidance and regulation for this type of incident management.
In early 2017, the state’s Department of Financial Services set the 23 NYCRR 500 regulations for insurers and financial service institutions, requiring them to establish and maintain formal cyber security programs, noting that, given “the seriousness of the issue and the risk to all regulated entities, certain regulatory minimum standards are warranted, while not being overly prescriptive so that cybersecurity programs can match the relevant risks and keep pace with technological advances.”
Here’s What You Need to Know
Any entity required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law must:
- Establish a written incident management and response plan
- Adhere to staffing requirements, including appointment of a Chief Information Security Officer
- Limit access privileges to information systems
- Enact a vendor risk-management program, policies and procedures
- Destroy nonpublic information periodically and securely
- Conduct frequent cybersecurity training
- Notify the NY DFS of any breach within 72 hours
The state’s allotted 180-day transition period ends on August 28, 2017, requiring insurers and financial service entities to be compliant with all 23 NYCRR 500 requirements.
Are you ready?
Maintain your program’s alignment with these regulatory standards with the help of a comprehensive business continuity planning solution. Finding a solution that helps you quickly change your plan structure to meet compliance needs can ensure you are prepared to recognize cyber security threats and engage locally before these incidents lead to major interruptions.
Written by Assurance Software
Assurance Software takes your company’s enterprise-wide business continuity and resiliency program to the next level. AssuranceCM and AssuranceNM work together to allow your business to manage recovery seamlessly – protecting every aspect of your business.