NYDFS Cybersecurity Regulation Packages and Checklist



Are you compliant with the new NYDFS Cybersecurity Regulations? Get Your Free Checklist Today!


Get compliant with the latest regulations today with the checklist and our simple certification process.



100% Money-back guarantee



The NY Department of Financial Services (NYDFS) recently announced the state’s first regulation requiring formal cybersecurity programs for financial institutions. If you’re an NYDFS-regulated company, it’s time to get your house in order and get certified. The last thing you want is a hefty fine from the authorities when compliance can be handled easily.




Why work with us



Outsource or In-house?

We offer two simple packages: either 'Do-It-Yourself' in-house or, the option most companies choose, the ‘Full Managed Service’, where you outsource the work to us, knowing that you will get compliant!

We make it easy for you!

With our full-service package, we take care of your risk assessment and cybersecurity policies, and we act as your designated CISO, ensuring that you are fully compliant with the regulation.

A risk-free way to get certified

Yes, that’s right. If you purchase our program and don’t receive your DFS 23 NYCRR 500 certification, we will give you a full refund*. It’s a win-win!

*DIY package customers must follow the program and checklist that is set out in order to qualify for the money-back guarantee.


INVAR Compliance Packages

We offer two certification plans: Do-it-Yourself and a Fully Managed Service.

Do-it-Yourself

  • Checklist of actionable tasks which, if followed through completely, will ensure compliance with New York State Cybersecurity DFS 23 NYCRR 500

  • Online security classes and quizzes for all employees
  • Security training certificate for compliance
  • 1-2 minute training modules and videos
  • Management notifications of non-completion

  • Simulated phishing emails test employee awareness
  • Ability to track and report employee actions
  • Upon failure, the employee is taken to additional mandatory training

  • All policies required for DFS regulatory compliance
  • Compliance ready editable policy & procedures templates
  • Collaborations and acknowledgment platform
  • Repository of approved, live procedures for immediate access & action
  • Concise instructions, and checklists, on how to fill out forms

  • External, full scale, penetration test
  • Data segregation analysis guide
  • Penetration test results and recommendations
  • Policy creation and submission to superintendent


Full Managed Service

  • Checklist of actionable tasks which, if followed through completely, will ensure compliance with New York State Cybersecurity DFS 23 NYCRR 500

  • Online security classes and quizzes for all employees
  • Security training certificate for compliance
  • 1-2 minute training modules and videos
  • Management notifications of non-completion

  • Simulated phishing emails test employee awareness
  • Ability to track and report employee actions
  • Upon failure, the employee is taken to additional mandatory training

  • All policies required for DFS regulatory compliance
  • Compliance ready editable policy & procedures templates
  • Collaborations and acknowledgment platform
  • Repository of approved, live procedures for immediate access & action
  • Concise instructions, and checklists, on how to fill out forms

  • External, full scale, penetration test
  • Data segregation analysis guide
  • Penetration test results and recommendations
  • Policy creation and submission to superintendent

  • Complete cyber security program planning and documentation
  • Guaranteed compliance with DFS regulatory filing requirements
  • CISO delegation
  • All regulatory reporting provided to management
  • Work with your IT team to remediate issues identified during penetration testing
  • Navigate compliance roadmap
  • Data segregation assessment
  • Third Party risk assessment for all vendors

  • Risk assessment report
  • Additional security recommendations
  • Threats analysis/risk determination

  • Breach Response Services
  • Backed by an AIG Insurance policy
  • Breach forensics and counseling
  • Breach notification and credit monitoring







Frequently asked questions


You are required to be compliant now!

The transition period came to an end on August 28, 2017 and you must provide a Certification of Compliance to the DFS before February 15, 2018.
See the calendar of dates on the DFS website.

Whether you are a financial organization licensed by the DFS or operating in New York State, you will be affected by DFS 23 NYCRR 500. Organizations covered by the new cybersecurity regulations include:

  • Banks and trust companies
  • Insurance Companies
  • Mortgage Lenders
  • Investment Companies
  • Brokers & Dealers
  • Other financial service providers

You may be exempt from some parts of the regulation if you fall into the following categories:

  • Fewer than 10 employees
  • Less than $5 million in gross annual revenue for three years
  • Less than $10 million in year-end total assets

For the full list of exemptions, read the regulation here.

Firstly, and most significantly, this NYDFS cybersecurity regulation requires covered entities to file an annual certification of compliance with the regulation. These Certifications of Compliance will commence February 15, 2018.

According to the regulation, to reach its compliance goals, organizations must implement the following:

  • Cybersecurity Program (Section 500.02)
  • Cybersecurity Policies (Section 500.03)
  • Chief Information Security Officer (Section 500.04)
  • Penetration Testing and Vulnerability Management (Section 500.05)
  • Audit Trail (Section 500.06)
  • Application Security (Section 500.08)
  • Risk Assessments (Section 500.09)
  • Cybersecurity Personnel and Intelligence (Section 500.10)
  • Incident Response Plan (Section 500.16)

Read the 23 NYCRR Part 500 FAQs here.


Contact

  • 1661 McDonald Ave, 115,
    Brooklyn, NY 11230

  • 212-804-8297





