New York: NYDFS publishes draft amendments to its Cybersecurity Requirements for Financial Services Companies
The New York State Department of Financial Services ('NYDFS') released, on 29 July 2022, its proposed draft amendments to the Cybersecurity Requirements for Financial Services Companies ('23 NYCRR 500'). In particular, the draft amendments would implement several changes, including:
- new obligations for companies which qualify as 'Class A' companies, including relating to audits and vulnerability assessments;
- the requirements for CISO independence;
- new requirements for business continuity and disaster recovery plans;
- new notification obligations; and
- changes to factors which may be evaluated when issuing penalties for violations of 23 NYCRR 500.
Comments on the proposed amendments can be submitted until 8 August 2022 at [email protected].
You can read the proposed amendments here.