NYDFS 23 NYCRR 500 Risk Assessment Services
In February of 2017 the New York Department of Financial Services (NYDFS) released regulation 23 NYCRR 500 - a new set of cybersecurity regulations for all covered financial institutions within the state. The regulation mandates that these organizations maintain a robust cybersecurity program including written policies and procedures, risk assessments, penetration testing, vulnerability scanning, a designated Chief Information Security Officer (CISO), and user access controls, among other areas. The implementation phase has ended and organizations are now required to be in full compliance or face fines and potential revocation of operating licenses.
Who needs to comply?
The NYDFS Cybersecurity Regulation applies to all entities operating under NYDFS licensure, registration, or charter, or which are otherwise DFS-regulated. Unregulated third-party service providers of regulated entities are also subject to this legislation. This includes banks, lenders, mortgage brokers, insurance companies, service providers, etc. Organizations that meet any of the following criteria may be exempt from certain requirements:
- Entities with fewer than 10 employees
- Entities with less than $5M in gross annual revenue from New York operations in each of the past three years
- Entities with less than $10M in year-end total assets
Navigating the numerous requirements found within this legislation can be a challenge for any organization. Luckily, you don't have to go it alone! Compass IT Compliance offers NYDFS 23 NYCRR 500 services to assist organizations in identifying risks, internal control weaknesses, and gaps in controls against the regulation. We break down the probability and impact of individual risks and outline appropriate remediation strategies.
Compass IT Compliance Services
- NYDFS 23 NYCRR 500 Risk Assessment - Assess your current level of compliance with NYDFS 23 NYCRR 500, identify gaps in controls, and identify key work areas that your organization must address to achieve and/or maintain compliance with the regulation
- NYDFS 23 NYCRR 500 Audit - Our experienced, certified IT Auditors will examine your IT controls mapped against NYDFS 23 NYCRR 500 requirements, obtain evidence to determine if the controls are operating effectively to achieve your organization's objectives and satisfy regulation requirements, and provide attestation of audit along with remediation strategies. A deeper-dive assessment than the NYDFS 23 NYCRR 500 Risk Assessment, the NYDFS 23 NYCRR 500 Audit will include evidence sampling
- NYDFS 23 NYCRR 500 Advisory Services - Work with your organization and tailor our project to your specific needs to address any concerns that you have related to NYDFS 23 NYCRR 500, assist in the implementation and updating of policies and procedures, or assist in assessing the risk your third-party providers pose related to NYDFS 23 NYCRR 500
Let Compass IT Compliance assist your organization in assessing any risks present through our NYDFS 23 NYCRR 500 services so you can secure your cyber environment, comply with regulatory requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.