5 things you should know about the September DFS deadline

And the necessary steps for full 23 NYCRR 500 Compliance

For the thousands of NY financial institutions covered by DFS’s sweeping data security regulation, yet another deadline approaches on September 3, 2018. We break down 5 required actions to take by that date to ensure you aren’t left in the dust.


23 NYCRR Part 500 officially went into effect on March 1, 2017. Almost one year later, on February 15, 2018, all covered entities were required to submit the first certification of compliance under 23 NYCRR 500. On March 1st, covered entities had to be compliant with Sections 500.04(b), 500.05, 500.09, 500.12, and 500.14(b). The next major deadline will take place on September 3, 2018, as the eighteen-month transitional period ends and covered entities are required to be compliant with the remaining sections of 23 NYCRR 500 (specifically 500.08, 500.13, 500.13(a) and 500.15). Overwhelmed yet? Not to worry, that’s why there are experts like us to guide you through this complex process. We will help break down this beast of a regulation (likely to be rolled out nationwide after New York State) into palatable, actionable steps so that your financial or insurance company is not only compliant but has a streamlined data security protocol as a result.


With the looming deadline less than 45 days away, MDS recommends the following steps be taken by or before September 3rd.


  1. Implement an Audit Trail System (500.06)

Covered entities must implement, “to the extent applicable and based on its Risk Assessment”, an audit trail system designed to manage and track data “to reconstruct material financial transactions sufficient to support normal operations and obligations”, in addition to tracking cybersecurity events. MDS compliance experts can implement the necessary auditing solution that allows you to comply with DFS requirements. While most institutions likely maintain transaction data, more rigorous tracking will be required to ensure an adequate lifecycle of transaction information, potential intrusions, and/or losses. Audit records will need to be retained for at least five years for material financial transactions, and three years for cybersecurity events.


  2. Strict Application Security (500.08)

All companies covered by 23 NYCRR 500 will be required to have “written procedures, guidelines and standards” in place to ensure “secure development practices” for all software created internally and used by the organization. Procedures must also be in place “for evaluating, assessing, or testing the security of externally developed applications” (such as third-party software) used within the company. Such security policies would be tested by either a contracted company (such as MDS) hired to monitor said applications, or by the company’s CISO (Chief Information Security Officer) or DPO (Data Protection Officer). Note that MDS provides both CISO and DPO services. Learn more about these services.


  3. Limitations to Data Retention (500.13)

While this regulation requires organizations to maintain an audit trail of data, it also limits the data retention allowed. Policies and procedures are required for the secure, periodic disposal of non-public information (“NPI”) that is no longer necessary for business operations, except when such information is otherwise required to be retained by law, or when targeted disposal is not reasonably feasible due to the manner in which the information is maintained. An organization will also need to provide proof that this data was disposed of.


  4. Access Monitoring (500.14)

Policies must be developed for the continued monitoring of authorized users and detection of unauthorized users, along with regular cybersecurity awareness training. While a version of this is often already in place, as of September 3rd, these documented policies and procedures will need to be part of the company’s overall cybersecurity program. This is done to ensure that “procedures and controls designed to monitor the activity” of authorized users of the company’s systems, as well as controls directed at detecting “unauthorized access or use of, or tampering with” non-public data by authorized users, are implemented and monitored on an ongoing basis.


  5. Encryption of non-public information (500.15)

Lastly, covered entities must have “controls” in place to protect non-public information both in transit and at rest. For DFS, this control can come in the form of encryption. If encrypting non-public information is not possible, covered entities should use “alternate compensating controls” to secure this information upon approval of the CISO. When available, encryption should be employed to protect NPI held or transmitted by a covered organization, both in transit over external networks and at rest.

____________________

Let the experts at MDS work to ensure your organization is compliant with DFS so you can focus on what’s important: growing your business. Check out our additional compliance resources now, which include checklists, recorded webinars, and assessments designed to assist you on this compliance journey.

By Jarra Gruen, MDS
