What are the New York State Department of Financial Services (NYDFS) Cybersecurity Requirements?
The New York State Department of Financial Services Cybersecurity Requirements for Financial Services Companies (Cybersecurity Requirements, the Regulation, NYDFS Cybersecurity Regulation) came into effect on March 1, 2017, with mandatory certification reporting commencing on February 15, 2018.
The Regulation requires all New York financial institutions to implement cybersecurity programs as protection from data breaches.
On December 12, 2017, Governor Andrew M. Cuomo instructed the New York Department of State to hold consumer credit reporting agencies accountable to the public through the issue of new regulations. Consumer credit reporting agencies must report to the Department of State’s Division of Consumer Protection and respond within ten days to the agency’s requests, on an emergency (such as a data breach) basis, on behalf of consumers.
The new protections demonstrate how New York State is tightening its cybersecurity regulations to protect consumer data.
What is ISO 27001?
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) formed a committee of leading experts to document the requirements for an effective ISMS. This document is known as ISO/IEC 27001:2013 or, more commonly, ISO 27001.
ISO 27001 provides a holistic approach to creating an ISMS that encompasses people, processes, and technology. An ISMS is based on regular risk assessments to ensure that threats are identified and treated in an appropriate manner, in line with the organization’s risk appetite.
Why ISO 27001?
ISO 27001’s controls cover all sections of the NYDFS Cybersecurity Requirements, and provide additional security measures to strengthen your ISMS while supporting business objectives. Importantly, ISO 27001 requires extensive documentation, which will help your organization achieve certification through the auditing process.
There are a number of supporting documents that provide additional implementation guidance. A particularly useful document is ISO 27002, which provides detailed guidelines for the 114 information security controls identified in Annex A of ISO 27001.
ISO 27001 and ISO 27002 2022 updates
ISO/IEC 27001:2022 – the newest version of ISO 27001 – was published in October 2022.
Organisations that are certified to ISO/IEC 27001:2013 have a three-year transition period to make the necessary changes to their ISMS (information security management system).
For more information about ISO 27001:2022 and its companion standard, ISO 27002:2022, and what they mean for your organisation, please visit ISO 27001 and ISO 27002: 2022 updates
Download your copy of ISO 27001:2022 here
Download your copy of ISO 27002:2022 here
NYDFS Cybersecurity Requirements and the ISO 27001 standard
Download our free green paper to learn how the globally recognized ISO 27001 standard can help you meet the NYDFS requirements and protect your business against vulnerabilities and cybersecurity threats.
Download now
Achieve certification to ISO 27001
ISO 27001 certification demonstrates to your customers and stakeholders that you take cybersecurity seriously. With the increasing frequency of cyber attacks on the financial services industry, brandishing internationally accepted certification demonstrates the effectiveness of your cybersecurity, giving you a competitive advantage.
Citibank, IBM, Microsoft, and the Federal Reserve Bank of New York are just a few of the leading organizations that have implemented ISO 27001, demonstrating their dedication to cybersecurity and protecting customer data.
Find out more about ISO 27001 certification >>
Achieve ISO 27001 certification to meet NYDFS Cybersecurity Requirements
If you want to join leading businesses in committing to cybersecurity best practice, win new business, and simplify compliance requirements, choose from our range of ISO 27001 products that can help your organization address the NYDFS Cybersecurity Requirements.
ISO 27001 Cybersecurity Toolkit
ISO 27001 certification requires organizations to prove their compliance with the Standard with appropriate documentation, which can run to thousands of pages for more complex businesses.
This toolkit provides a complete set of easy-to-use, customizable documentation templates that are aligned with ISO 27001, NIST SP 800-53, and the NYDFS Cybersecurity Requirements to save you time and money
Shop now