on 10-04-2017 09:25 AM
In this installment of our blog series, Managing Privacy and Risk in Financial Services, we take a closer look at another regulation that has an impact on the industry.
NY State Cybersecurity Regulation, let me introduce you to ServiceNow's Vendor Risk and Vulnerability Response
The initial 30-day period for filing Notices of Exemption under 23 NYCRR 500.19(e) ended last month. You're ready, right? The new-"ish" NY State requirement calls for banks and insurers to scrutinize the security of third-party vendors that provide them goods and services. But wait… there's more… more to this regulation, that is.
The highlights:
- Establishment of a Cybersecurity Program
- Adoption of a Cybersecurity Policy
- Chief Information Security Officer
- Third-Party Service Providers
The regulations outline solid security practices, like limiting distribution of personally identifiable information, demanding multifactor authentication, and requiring organizations to test their cyber security systems. Testing systems… what a great idea! In theory. The problem is with the cadence of cyber risk certification. The regulation requires vendors to be checked quarterly or annually. It's like checking the weather every 365 days. Nope… no rain today. Let's check again next year. However, this is just the first step. They're easing into this regulation. The cadence, among other things, will probably change over time in later versions of the regulation.
The combination of ServiceNow's Vendor Risk, Vulnerability Response, Security Incident Response and Governance Risk and Compliance products is unmatched and unparalleled in addressing this regulation. At ServiceNow, we understand security needs coverage 365 days per year.
While delving into this regulation, I turned to my colleague Piero DePaoli, our Senior Director of Product Marketing, Security Business Unit at ServiceNow, to offer insight: Continue reading on ServiceMatters
Check back in on Friday, October 6th, for the final installment of our blog series, Managing Privacy and Risk in Financial Services.
Next post:
Part Six: Rinse and Repeat (IT GRC)
Additional Resources:
- Join us for our webinar, "Managing Privacy and Risk in Financial Services" on Tuesday, October 10 at 8:00am PDT/11:00am EDT. Experts from Nomura and ServiceNow will share their tips and strategies for managing compliance in the financial services industry.
- Read ServiceNow's Vendor Risk Management for Financial Services solution brief
- Watch our video: Managing Vendor Risk for Financial Services Companies