NYDFS Cybersecurity Regulations - INVAR Technologies

Are you compliant with the new NYDFS Cybersecurity Regulations?

Get compliant with NYDFS 23 NYCRR 500 today with our simple certification packages.

INVAR Compliance Packages

We offer two certification plans: Do-it-Yourself and a Fully Managed Service.

Do-it-Yourself

DFS Cybersecurity Certification
  • Checklist of actionable tasks which, if followed through completely, will ensure compliance with New York State Cybersecurity DFS 23 NYCRR 500
Employee Security Training & Certification
  • Online security classes and quizzes for all employees
  • Security training certificate for compliance
  • 1-2 minute training modules and videos
  • Management notifications of non-completion
Simulated Phishing Attack Platform
  • Simulated phishing emails test employee awareness
  • Ability to track and report employee actions
  • Upon failure employee is taken to additional mandatory training
Security Policies and Procedures
  • All policies required for DFS regulatory compliance
  • Compliance-ready, editable policy & procedures templates
  • Collaborations and acknowledgment platform
  • Repository of approved, live procedures for immediate access & action
  • Concise instructions, and checklists, on how to fill out forms
Penetration Testing
  • External, full-scale penetration test
  • Data segregation analysis guide
  • Penetration test results and recommendations
  • Policy creation and submission to superintendent

Full Managed Service

DFS Cybersecurity Certification
  • Checklist of actionable tasks which, if followed through completely, will ensure compliance with New York State Cybersecurity DFS 23 NYCRR 500
Employee Security Training & Certification
  • Online security classes and quizzes for all employees
  • Security training certificate for compliance
  • 1-2 minute training modules and videos
  • Management notifications of non-completion
Simulated Phishing Attack Platform
  • Simulated phishing emails test employee awareness
  • Ability to track and report employee actions
  • Upon failure employee is taken to additional mandatory training
Security Policies and Procedures
  • All policies required for DFS regulatory compliance
  • Compliance-ready, editable policy & procedures templates
  • Collaborations and acknowledgment platform
  • Repository of approved, live procedures for immediate access & action
  • Concise instructions, and checklists, on how to fill out forms
Penetration Testing
  • External, full-scale penetration test
  • Data segregation analysis guide
  • Penetration test results and recommendations
  • Policy creation and submission to superintendent
vCISO Service
  • Complete cyber security program planning and documentation
  • Guaranteed compliance with DFS regulatory filing requirements
  • CISO delegation
  • All regulatory reporting provided to management
  • Work with your IT team to remediate issues identified during penetration testing
  • Navigate compliance roadmap
  • Data segregation assessment
  • Third Party risk assessment for all vendors
Annual Security Risk Assessment
  • Risk assessment report
  • Additional security recommendations
  • Threats analysis/risk determination
$100,000 Financial Protection
  • Breach Response Services
  • Backed by an AIG Insurance policy
  • Breach forensics and counseling
  • Breach notification and credit monitoring

Why work with us

Outsource or In-house?

We offer two simple packages: either 'Do-It-Yourself' in-house or the option most companies choose, the 'Full Managed Service', where you outsource the work to us, knowing that you will get compliant!

We make it easy for you!

With our full-service package, we take care of your risk assessment and cybersecurity policies, and we act as your designated CISO, ensuring that you are fully compliant with the regulation.


A risk-free way to get certified

Yes, that’s right. If you purchase our program and don’t receive your DFS 23 NYCRR 500 certification, we will give you a full refund*. It’s a win-win!

*DIY package customers must follow the program and checklist that is set out in order to qualify for the money-back guarantee.

100% Money-back guarantee

The NY Department of Financial Services (NYDFS) recently announced the state’s first regulation requiring formal cybersecurity programs for financial institutions. If you’re a NYDFS-regulated company, it’s time to get your house in order and get certified. The last thing you want is a hefty fine from the authorities when compliance can be handled easily.

Frequently asked questions

You are required to be compliant now!

The transition period came to an end on August 28, 2017, and you must provide a Certification of Compliance to the DFS before February 15, 2018.
See the calendar of dates on the DFS website.

Whether you are a financial organization licensed by the DFS or operating in New York State, you will be affected by DFS 23 NYCRR 500. Organizations covered by the new cybersecurity regulations include:

  • Banks and trust companies
  • Insurance Companies
  • Mortgage Lenders
  • Investment Companies
  • Brokers & Dealers
  • Other financial service providers

You may be exempt from some parts of the regulation if you fall into the following categories:

  • Fewer than 10 employees
  • Less than $5 million in gross annual revenue for three years
  • Less than $10 million in year-end total assets

For the full list of exemptions, read the regulation here.

Firstly, and most significantly, this NYDFS cybersecurity regulation requires covered entities to file an annual certification of compliance with the regulation. These Certifications of Compliance will commence February 15, 2018. According to the regulation, to reach the goals of compliance, organizations must implement the following:

  • Cybersecurity Program (Section 500.02)
  • Cybersecurity Policies (Section 500.03)
  • Chief Information Security Officer (Section 500.04)
  • Penetration Testing and Vulnerability Management (Section 500.05)
  • Audit Trail (Section 500.06)
  • Application Security (Section 500.08)
  • Risk Assessments (Section 500.09)
  • Cybersecurity Personnel and Intelligence (Section 500.10)
  • Incident Response Plan (Section 500.16)

Read the 23 NYCRR Part 500 FAQs here.