The NAIFA-NYS Cybersecurity Compliance Package is a tool to help you comply with the Department of Financial Services' (DFS) new cybersecurity regulation.
Are you a licensed insurance producer or entity?
Do you maintain an IT system – a computer system of one or multiple devices for collecting, processing, storing, sending, or creating information?
Do you store non-public information – electronic information not “publicly available”?
Did you answer “YES” to the above questions?
Then you need this Compliance Package!
The package is a three-part online program that includes the following:
- access to an online analytical tool, so that you can assess the cybersecurity risk of your IT system (as required by the regulation)
- access to a written model cybersecurity policy, which you can edit to reflect your risk assessment (as required by the regulation)
- an online training session (as required by the regulation)
The consequences of non-compliance with the DFS regulation can be significant – not just in fines and other penalties issued by DFS, but in the potential fallout to your business operations if someone breaches your cyber system.
PLEASE NOTE: Purchasing the Compliance Package will not make you compliant with the regulation. Covered entities must certify their compliance directly on the DFS website at www.dfs.ny.gov.
As noted in DFS guidance (FAQ #10), DFS does not want covered entities to submit supporting documents when certifying compliance with the regulation. Such documents, which would include your NAIFA-NYS Compliance Package risk assessment report, should be kept for your records.