NYDFS and ISO 27001 as a best-practice solution
The New York Department of Financial Services’ (NYDFS) cybersecurity Requirements began its 180-day transition period on March 1, and financial institutions (and their third party providers) across the state are making sure they have the measures in place to comply with the Regulation.
Adopting ISO 27001 is a great way to achieve compliance. It is the international standard that describes best practice for an information security management system (ISMS), and can be used as a framework to meet the Requirements.
How ISO 27001 can help
Much of the NYDFS cybersecurity Requirement is native to ISO 27001 making it straight-forward to implement and manage. ISO 27001 is an ideal umbrella security framework and can easily accommodate other regulatory requirements, for instance, Clauses 4.2 and 4.3 of ISO 27001 essentially require the ISMS to meet all legal, regulatory, and contractual requirements, which naturally includes the NYDFS Cybersecurity Requirements. As such, compliance with ISO 27001 should streamline NYDFS compliance because it’s already understood, has plenty of resources, and provides a structure for NYDFS compliance.
August 28, 2017 – covered entity’s cybersecurity program, cybersecurity policy, and response plan must all be in place; breach notification obligation effective; CISO must be appointed;
February 15, 2018 – first annual certification to the Superintendent of Financial Services due;
March 1, 2018 – penetration and vulnerability testing obligation begins; periodic assessments policy must be in place; cybersecurity awareness training must be provided to employees;
September 1, 2018 – covered entity’s audit trail policy, applications security policy, data retention policy, and authorized user monitoring policy must all be in place; encryption or alternative must be adopted; and
March 1, 2019 – third party service provider security policy in place.
Ezentria helps firms implement cutting edge information security practices. Using the globally-accepted ISO 27001:2013 Information Security Management System as a focal point. Contact us to discuss your environment and we’ll create a strategy to meet the NYDFS requirement and also groom your organization to easily accommodate future information security legislation and concern.