Posted on Feb 22, 2019
As of February 15, 2019, all Covered Entities and licensed persons who are not fully exempt from the Regulation were required to submit a Certification of Compliance. The document provides an attestation covering compliance for the 2018 calendar year.
The DFS Certification of Compliance provides critical proof that a regulated entity engages in appropriate governance over its cybersecurity program. While fully exempt entities and persons did not need to submit a certificate, some organizations who filed a Notice of Exemption may only be partially exempt and therefore still require a Certification of Compliance to demonstrate compliance with the portions of the regulation that apply to them.
As with every newly introduced regulation, organizations tend to put compliance efforts on the back burner until attestation deadlines or audits come up. Are organizations ready for compliance with NY DFS?
Since the initial effective date, DFS has released a Frequently Asked Questions (FAQ) page clarifying several points:
Are organizations ready to submit a complete certificate of compliance by February 15, 2019? Let’s consider some of the critical aspects of NY DFS we should address:
Before regulators begin reviewing compliance and assessing fines, you must address all these requirements. Since cybercriminals continuously seek new system, network, and software vulnerabilities, point-in-time audit reports no longer prove cybersecurity. Documenting the continuous monitoring of your data environment and data ecosystem with real-time visibility into cyber risk is the only way to maintain a robust compliance posture and avoid violation penalties. Taking a proactive rather than reactive approach to cybersecurity and compliance can protect and organization’s data, financial security, and reputation.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 9 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.