The NYCRR primarily contains state agency rules and regulations adopted under the State Administrative Procedure Act (SAPA). The 23 Titles include one for ea“>ch state department, one for miscellaneous agencies and one for the Judiciary. The Office of Court Administration and the Judiciary are exempt from SAPA requirements.
The NYDFS issued the final Cybersecurity Regulation (23 NYCRR Part 500) in response to the growing sophistication of cybercriminals and the increasingly volatile cybersecurity climate facing US financial institutions. The goal of the regulation is to ensure the safeguarding of sensitive customer data and to promote the integrity of the information technology systems of regulated entities.
The regulation went into effect on March 1, 2017, with implementation to occur within 180 days (August 28, 2017); it affects entities regulated by the New York Department of Financial Services (DFS).
The requirements outlined by this new regulation include:
The NYDFS Cybersecurity Regulation covers any organization operating in the state of New York under authorization of the Banking Law, the Insurance Law, or the Financial Services law.
A Covered Entity is exempt from certain provisions of the regulations if it has:
Certain entities that do not handle classes of nonpublic information are also exempt from certain provisions. 23 NYCRR 500.19(c) and (d).
If an entity qualifies for one of the exemptions, it must file a Notice of Exemption within 30 days of the determination of the exemptions 23 NYCRR 500.19(e).
According to the new cyber security NYDFS regulations, it is mandatory for all covered entities to implement and file the regulations by August 28th, 2017. Those who are not compliant by this deadline will be penalized. The Compliance Experts at CompCiti will not only ensure that you are compliant, but will help you to implement a more effective, long-term cyber security protocol in the process.
CompCiti Business Solutions, Inc. provides clients what few other IT companies in New York can: expertise and insights developed since business networking began. CompCiti’s focus on cybersecurity and cyber management services set it above other business network services. CompCiti secures networks and other IT systems against all cyber threats including viruses, hackers, and ransomware. Cybersecurity, networking, and managed IT services, all supported by 24/7 emergency service since 1996.
Contact CompCiti today for a free needs assessment. We’ll explain to you what you need to do for full DFS compliance and how we can help you every step of the way.