From: The CPA Journal
By Al Alper
New York State recently adopted a “first-in-the-nation” set of cybersecurity compliance requirements that impact any businesses or organizations that report to the Department of Financial Services (DFS). Effective March 1, 23 NYCRR 500 is meant to anticipate, address, and thwart cybercriminals by requiring “each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion.”
CPA firms are not directly affected by 23 NYCRR 500—as they are not regulated by the DFS—but many of their clients and employers will be. Numerous companies fall under DFS jurisdiction including banks and trust companies; insurance companies and related entities; mortgage brokers, originators, and servicers; and charitable foundations, as well as other New York State–regulated corporations. In order to counsel these businesses, CPAs must understand the new regulations and their impact. In addition, it makes sense for CPA firms to be proactive in adopting the new regulations, as the profession itself is likely to be included in future regulatory efforts.
Requirements under the New Regulation
Leave a Reply