NY DFS 23 NYCRR Part 500 – The countdown has already begun, are you prepared…?
If you didn’t already qualify for a limited exemption with one of the following criteria:
- Fewer than 10 employees (including independent contractors)
- Less than $10 million in year-end total assets
- Less than $5 million in gross revenue
You should be aware of these key dates to ensure your organization or agency is meeting compliancy in a timely manner:
- August 28, 2017 – 180 day transitional period ends. Covered Entities are required to be in compliance with requirements of 23 NYCRR Part 500 unless otherwise specified.
Start work on your risk assessments and security program reviews today!
- September 27, 2017 – Initial 30 day period for filing Notices of Exemption under 23 NYCRR 500.19(e) ends. Covered Entities that have determined that they qualify for a limited exemption under 23 NYCRR 500.19(a)-(d) as of August 28, 2017 are required to file a Notice of Exemption on or prior to this date.
- February 15, 2018 – Covered Entities are required to submit the first certification under 23 NYCRR 500.17(b) on or prior to this date.
Remember, starting February 15, 2018 and every February 15th hereafter, is the date you must file your annual certification of compliance.
- March 1, 2018 – One year transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.04(b), 500.05, 500.09, 500.12 and 500.14(b) of 23 NYCRR Part 500.
What we at Cloud and Things can do for you:
- Develop your written cybersecurity policy
- Define and help implement a limited access on privilege accounts policy
- Outline a limitations on data retention strategy
- Perform your annual risk assessment of all information systems
- Provide subject matter expertise on how to develop and document a notice to the New York Department of Financial Services
- Cybersecurity Regulations superintendent when a cybersecurity event occurs.
If you have questions or wish to discuss an effective and easy approach to completing your regulatory requirements for 2017, the Cloud and Things, Inc. team bring a wealth of knowledge and audit experience dealing with cybersecurity programs as defined by the NYS DFS. You can contact me Edward Nadareski or call Cloud and Things, Inc. and schedule an appointment to speak with one of our cybersecurity experts today!