23 NYCRR 500
This regulation sets cybersecurity requirements for financial service entities that operate in New York State. With malicious actors using increasingly sophisticated attempts to breach systems and seize data, the amount of cybersecurity regulations will continue to snowball.
The general purpose of the regulation is to ensure that financial service entities do their due diligence to effectively protect their customers and information systems from cyber attacks.
ARE YOU EXEMPT?
If you fit any of the following criteria you qualify for a Limited Exemption. This doesn’t eliminate ALL of your compliance needs but it reduces your obligations.
- Fewer than 10 employees(Including independent contractors)
- Less than $10 Million in year-end total assets
- Less than $5 million in gross revenue
Instructions on filing a notice of exemption.
What Are the Deadlines?
- August 28th is the initial deadline for the first section of technical requirements.
- September 28th 2017 is the deadline for filing a notice of exemption.
- February 15th 2018 is the deadline for the first certification of compliance.
- March 1st 2018 is the deadline for the second round of technical requirements.
- September 3rd 2018 is the deadline for the third round of technical requirements.
