Also called “Part 500”, 23 NYCRR 500 stands for Title 23 of the New York Codes, Rules, and Regulations, Part 500. The purpose of this regulation is to protect consumer data by setting cybersecurity requirements for financial institutions that operate in the state of New York.
This regulation applies to anyone licensed, registered, chartered, certified, permitted, or accredited to operate under banking law, insurance law, or financial services law. Its intention is to protect customer information, information systems, and other non-public information (including information held by these covered entities’ third-party service providers) from cybersecurity risks or threats.
The first step to becoming compliant is to assign a CISO and put together a compliance team.
From there you’ll want to conduct a risk assessment, implement controls, and submit your first certification of compliance to the NYDFS.
If you have questions regarding compliance for this regulation or any others, the professionals at Red Lion are always here to help. Just contact us below and we’d be glad to lend a helping hand.