NYDFS Part 500 -
cybersecurity requirements for Financial Services Companies

While the SME (Small and Medium size Enterprise) are exempt from many of the regulation requirements, several key elements are required. We can provide the following required deliverables.

Cybersecurity Program

  • Control Implementation Guide: An action plan to incorporate cyber security controls into your organization.

  • An Asset Detail Report: Providing critical knowledge about your computer environment.

  • Consulting Services: One-on-one discussions to assist in setting up security controls in your environment.

Required Policies

  • An Information Security Policy: Your comprehensive document that clearly outlines the procedures and standards we have developed together

  • An Acceptable Use Agreement: A contract for employees that clearly communicates your organization's policies

  • Data Classification Matrix: Providing a clear understanding of organizational information and its requirements

  • 3rd Party Policies: Ensuring the security of information available to your Third Party Service Providers

  • Additional Policies are available

Annual Audit & Assessment

  • Risk Report: Your risk report outlines discovery tasks, any found issues, asset inventory summary, and much more.

  • Security Policy Assessment: Reviewing systems compliance with critical control settings