NYDFS Cybersecurity Requirements webinar 1 – Q&A

I am pleased to report that we successfully delivered our inaugural NY State’s Department of Financial Services cybersecurity regulation: How to gain certification within timelines webinar on Tuesday, March 7. Presented by our CEO, Alan Calder, the webinar was attended by professionals from a range of organizations which included banks, savings and loans companies, insurance firms, and universities.

The highlights of our webinars are always the question-and-answer sessions at the end. We hope that these provide clarification about the role of ISO 27001 in complying with the Regulation.

Some of the questions included:


The first deadline of August 28 seems incredibly short. I can see that we need to urgently get started. I have also heard that it can take a very long time to get started with ISO 27001. Is this true?


Our extensive experience as an ISO 27001 consultant has shown the typical implementation period is between 3 and 9 months depending on the size of the organization.


Is certification to ISO 27001 a mandatory requirement of compliance with the NYDFS cybersecurity regulation?


No, not at all. It is up to the company to choose how to deliver the requirements. ISO 27001 defines the best practice required to implement and maintain an effective ISMS (information security management system). This best practice is the quickest and easiest way to ensure that you can comply with the New York DFS regulation. We do also recommend that you achieve certification to ISO 27001, as this will enable you to demonstrate to your customers and stakeholders that you are taking cybersecurity seriously.


We are only a small consultancy (five people) and you mentioned exemptions. Do they apply to just one of the conditions (fewer than 10 employees) or all three (less than $5 million turnover, less than $100 million in assets)?


Any one of these conditions apply and we are pretty sure of your exemption. Please bear in mind that’s it still a good idea to adopt a strong cybersecurity posture, and small firms are particularly vulnerable to cyber attacks.

Get all your questions answered, and learn more about the NYDFS Cybersecurity Requirements and ISO 27001. Register for our series of webinars here >>

If you missed our previous webinar – NY State’s Department of Financial Services cybersecurity regulation: How to meet requirements within deadlines – don’t worry! You can download the slides and recording below.

You may also be interested in our products that are:

  • Tailored NYDFS requirements
  • Developed by expert practitioners
  • Cost-effective and efficient

Find out more here >>