NYS-DFS 23 NYCRR 500 Compliance Assistance

The New York State Department of Financial Services’ (“NYS-DFS”) New York State Law 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies (“23 NYCRR 500”) went into effect on March 1, 2017. 23 NYCRR 500 requires that firms meeting the regulation’s definition of “Covered Entity” have certain cybersecurity measures in place by the stipulated compliance dates. Among other requirements, firms will be required to self-certify their compliance with 23 NYCRR 500. The two-year transitional period ends on March 1, 2019. ACA Aponix can help.

HOW ACA APONIX CAN HELP

Readiness Assessment

For financial services firms that meet the regulation’s definition of Covered Entity, ACA Aponix’s team of experienced consultants can assist with assessing such firms’ readiness to comply with the requirements of 23 NYCRR 500. As part of such assessment, ACA Aponix will review your firm’s cybersecurity posture as you prepare for compliance with 23 NYCRR 500, and prepare a matrix of each of the 23 NYCRR 500 requirements that applies to your firm.

CISO Support Services

ACA Aponix can assist financial services firms with satisfying the 23 NYCRR 500 requirement to have a full-time Chief Information Security Officer (“CISO”) on staff. ACA Aponix can make available to your firm a dedicated senior consultant who can support your existing CISO by advising on the CISO functions and attending meetings, calls, emails, and/or conducting on-site visits.