ISO 27001 and New York State’s cybersecurity requirements
The New York State Department of Financial Services Cybersecurity Requirements for Financial Services Companies (Cybersecurity Requirements, the Regulation, NYDFS Cybersecurity Regulation) came into effect on March 1, 2017, with mandatory certification reporting commencing on February 15, 2018. The Regulation requires all New York financial institutions to implement cybersecurity programs as protection from data breaches.
On December 12, 2017, Governor Andrew M. Cuomo instructed the New York Department of State to hold consumer credit reporting agencies accountable to the public by issuing new regulations. Consumer credit reporting agencies must report to the Department of State’s Division of Consumer Protection and, in an emergency such as a data breach, respond within ten days to requests the agency makes on behalf of consumers.
The new protections demonstrate how New York State is tightening its cybersecurity regulations to protect consumer data.
Are you looking to comply with the NYDFS Cybersecurity Regulation in an effective and efficient manner?
ISO 27001, the internationally recognized standard for information security management, aligns with the NYDFS Cybersecurity Regulation and provides you with a best-practice solution for compliance.
ISO 27001 is a set of requirements for the establishment, implementation, maintenance, and continual improvement of an information security management system (ISMS).
Why ISO 27001?
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) formed a committee of leading experts to document the requirements for an effective ISMS. This document is known as ISO/IEC 27001:2013 or, more commonly, ISO 27001.
ISO 27001 provides a holistic approach to creating an ISMS that encompasses people, processes, and technology. An ISMS is based on regular risk assessments to ensure that threats are identified and treated in an appropriate manner, in line with the organization’s risk appetite.
ISO 27001’s controls cover all sections of the NYDFS Cybersecurity Requirements, and provide additional security measures to strengthen your ISMS while supporting business objectives. Importantly, ISO 27001 requires extensive documentation, which will help your organization achieve certification through the auditing process.
See how ISO 27001 controls align with the Regulation’s requirements by downloading our free green paper.
There are a number of supporting documents that provide additional implementation guidance. A particularly useful document is ISO 27002, which provides detailed guidelines for the 114 information security controls identified in Annex A of ISO 27001.
ISO 27001 certification demonstrates to your customers and stakeholders that you take cybersecurity seriously. With the increasing frequency of cyber attacks on the financial services industry, holding an internationally accepted certification demonstrates the effectiveness of your cybersecurity and gives you a competitive advantage.
Citibank, IBM, Microsoft, and the Federal Reserve Bank of New York are just a few of the leading organizations that have implemented ISO 27001, demonstrating their dedication to cybersecurity and protecting customer data.
If you want to join leading businesses in committing to cybersecurity best practice, win new business, and simplify compliance requirements, choose from our range of ISO 27001 products that have been specifically designed to address the NYDFS Cybersecurity Requirements.
ISO 27001 Cybersecurity Documentation Toolkit
ISO 27001 certification requires organizations to prove their compliance with the Standard with appropriate documentation, which can run to thousands of pages for more complex businesses.
This toolkit provides a complete set of easy-to-use, customizable documentation templates that are aligned with ISO 27001, NIST SP 800-53, and the NYDFS Cybersecurity Requirements to save you time and money.
Certified ISO 27001 ISMS Foundation Online Training Course
Discover how to use a globally recognized information security framework to help your organization protect itself from a data breach and meet regulatory requirements for data security. This course will help you get started developing an ISMS (information security management system) aligned to the best-practice standard ISO 27001.
Speak to an expert
For free practical advice and guidance on your ISO 27001 certification project, or a no-obligation quote, contact us today to speak to an ISO 27001 specialist.