New York Cybersecurity Regulation: 23 NYCRR Part 500 Compliance Services

The New York State Department of Financial Services (DFS) has enacted new regulations for New York based financial services companies and other regulated entities.  The 23 NYCRR Part 500 Regulation (NYCRR) was developed to ensure that companies and individuals dealing with sensitive financial information maintain a minimum set of technical and administrative security controls, and an information security program sufficient for protecting sensitive financial data and systems.

The NYCRR went into effect in March of 2017, and applies to all Covered Entities (defined as “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law”). If you are a Covered Entity, such as a Bank, Mortgage Lender, Insurance Company, HMO, or Retirement Community incorporated in New York then the Regulation likely applies to you.   


BSI's Approach

BSI Consulting Services NYCRR engagement follows a progression of phases, intended to help your organization meet full compliance with the Regulation: