- Contact Us
I recently wrote a blog post that discussed legislation in the State of New York that is set to take effect on January 1, 2017. This legislation will effect all financial institutions in the state around Cybersecurity and the development of a formal Cybersecurity program. Click here to review that post as it provides a good overview of the requirements for financial institutions as well as links to documents with even more information.One thing that I didn't cover in that post, hence this post, are the impacts that this legislation will have on vendors of financial institutions in New York. In the proposed legislation, there is an entire section devoted to each institution having a "Third Party Information Security Policy.”
Vendor management is nothing new in the financial institution space. Organizations need to ensure that the vendors they do business with take Information Security seriously. Some of the same holds true in this recently enacted New York legislation related to Cybersecurity Policies and is similar to Vendor Management Policies. Examples of the requirements include:
This is the standard and what each financial institution, across the country, should be doing. Managing your third-party risk is no longer a luxury, now it has become a business necessity. The new requirements as part of this legislation can be found in subsection (b) of Section 500.11 and includes the following:
That list is what language needs to be included in all contracts between a financial institution in New York and their third-party service providers. This is a specific, detailed list that could change how business is done in the financial services sector. In fact, this legislation is like the requirements of HIPAA / HITECH Regulations for both covered entities and their vendors (business associates).
This is all new and while the legislation takes effect in 3 weeks, financial institutions have until January 15, 2018 to comply. But, you can never get started too early, especially when there are such significant changes. As part of our monthly webinar series for December, we are going to be presenting on this exact topic. Whether you are a financial institution in New York or a third-party service provider, the information in this webinar will help you get ready for these changes. Details are below: