
Meet the requirements of the NYDFS cybersecurity regulation with confidence

IT Governance can help you gain the skills and tools to implement the ISO 27001 standard alongside the New York State Regulation. Choose from products that are:

  • Tailored to NYDFS requirements
  • Developed by expert practitioners
  • Cost-effective and efficient

Get training, assess risks, and make documentation easy with:


  • ISO 27001 Certified ISMS online training
  • ISO 27001 Cybersecurity Documentation Toolkit
  • Risk assessment software



Live Online training

ISO27001 Certified ISMS Foundation

In this one-day course, an experienced ISO 27001 trainer and consultant will:

  • Explain the key elements of an ISMS implementation project: planning, scoping, and communication
  • Help you understand the key steps of an ISO 27001 risk assessment
  • Explain how ISO 27001 aligns with the measures required for the NYDFS Cybersecurity Requirements, and how to factor in other regulations and legislation


ISO 27001 Certified ISMS Lead Implementer

Achieve the ISO27001 Certified ISMS Lead Implementer (CIS LI) qualification (ISO 17024-accredited) with this three-day course. An online exam is included in the course.

An experienced ISO 27001 trainer and consultant will guide you through:

  • Using the Standard to achieve compliance with laws and regulations, such as the NYDFS Regulation, HIPAA, FedRAMP, and the Sarbanes-Oxley Act
  • Developing the skills required to achieve ISO 27001 compliance for your organization
  • Managing and driving continual improvement under ISO 27001



Documentation toolkit

ISO 27001 Cybersecurity Documentation Toolkit

Developed by information security experts, this toolkit is aligned with the NYDFS Cybersecurity Requirements and will help make sure that your organization can document its compliance with the Regulation in an efficient and cost-effective manner.

The toolkit includes:

  • A complete set of mandatory and supporting ISO 27001 documentation
  • Customizable templates and worksheets aligned with the NYDFS Cybersecurity Regulation (23 NYCRR 500)
  • High-level instructions and guidance to help you get started
  • Project tools to guide your implementation journey, including gap analysis and mapping documents


Risk assessment software


A robust cybersecurity program begins with risk assessment to identify and measure specific risks to your organization, and the controls to mitigate them. Fully aligned with ISO 27001:2013, vsRisk helps you conduct an information security risk assessment quickly and easily.

vsRisk allows you to:

  • Track risks, actions, and priorities from dashboard views
  • Apply data from two built-in databases:
    • Threats and vulnerabilities
    • Seven different control sets
  • Upload policies or procedures as controls straight from an ISO 27001 documentation toolkit*
  • Apply implementation details
  • Collaborate with multiple users or assessors
  • Add comments and deadlines
  • Add or clone additional information security management systems (ISMSs)
  • Draw, edit, and print instant, audit-ready reports

*Toolkit available at an additional cost

vsRisk is flexible and adaptable:

  • Customize the risk criteria, risk calculation formula, and impact/likelihood scales
  • Create and add your own assets, risks, and controls
  • Create customized views based on risks, owners, assets, and groups
  • Assess the confidentiality, integrity, and availability of assets
  • Choose from four risk responses: treat, tolerate, transfer, or terminate
  • Customize and edit reports in Excel, save to PDF, or export the raw data to CSV

Includes seven control sets:

  • ISO/IEC 27001:2013
  • ISO/IEC 27001:2005
  • PCI DSS v3
  • NIST SP 800-53
  • Cloud Controls Matrix
  • ISO/IEC 27032
  • Cyber Essentials


IT Governance provides a full range of products to cover all of the NYDFS Cybersecurity Requirements for Financial Services Companies

If you want to meet your compliance requirements in a cost-effective and efficient manner, choose from our range of ISO 27001 products, including standards, books, tools, training, and consultancy.


You can be confident you are receiving quality products and services from a trusted provider with more than ten years’ experience in cybersecurity, risk management, and IT governance.

See how we have helped other companies implement an ISMS and achieve certification against the information security standard ISO 27001.
