NYDFS

The financial industry is under siege from cyber crime. NYDFS is leading the way with stricter cybersecurity regulations to address the increasing instances of cyber attacks on the financial industry. The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a set of regulations establishing cybersecurity requirements for financial services companies.

The NYDFS has supervisory power over banks, insurance companies, and other financial service companies. More specifically, they are: 

  • Credit Unions
  • Health Insurers
  • Investment Companies
  • Licensed Lenders
  • Private Bankers
  • Offices of Foreign Banks
  • Commercial Banks
  • Life Insurance Companies
  • Mortgage Brokers
  • Savings and Loans Associations

No Action Can Be Costly

Almost every covered entity is required to file a Certificate of Compliance with NYDFS by April 15, 2020.

NYDFS regulations can mean potential financial penalties equaling up to $500,000 in less than a week.

For example, these potentially hefty fines can add up quickly:

  • $2,500 per day during which a violation continues
  • $15,000 per day in the event of any reckless or unsound practices or pattern of misconduct
  • $75,000 per day in the event of a knowing and willful violation

Being NYDFS exempt does NOT mean you are EXCUSED

NYDFS made provisions for certain covered entities to be exempt from having to meet certain 23 NYCRR 500 cybersecurity regulations. For more information about NYDFS exemption status click here.

Many entities with exemption status may not know they are still required to complete a risk assessment, revise policies and procedures, publish a Third Party Provider Security Policy and document a cybersecurity program to avoid possible fines and penalties.

Third Rock has taken the confusion, frustration and labor-intensive requirements out of NYDFS compliance and made it simple, easy and affordable.

Utilizing Third Rock’s automated compliance software, CyberCompass™, you get a fast, effective and efficient solution to protect your business, clients and compliance by the April 15, 2020 deadline. We have solutions for EXEMPT and NON-EXEMPT entities.

Third Rock offers CyberCompass™ automated compliance software with built-in expertise that translates NYDFS government requirements into layman’s terms. It does most of the heavy lifting with the analysis and compliance documentation to streamline NYDFS compliance workflow so you can meet the April 15, 2020 deadline.

It is cloud-based, so it can be accessed anywhere with no software download. You don’t have to be a NYDFS or cybersecurity expert to use CyberCompass™.

Our automation can save your firm over 400 hours in twelve months on becoming and staying compliant.

  • Answer one set of simple yes/no questions that meets NYDFS & CIS-20
  • Flexibility to start and stop – CyberCompass™ saves your progress
  • Compliance gap report to gain visibility into your non-compliance
  • Built-in step-by-step guide to fix issues and get compliant quickly
  • CyberCompass™ online vault to save your “body of evidence” in one place
  • Monitor your compliance for 12 months with dashboards and reporting

See our NYDFS and CyberCompass™ Frequently Asked Questions to learn more.

NYDFS 500 EXEMPT

$250/mo, billed yearly

Cover the Basics Quickly:

For Covered Entities that meet the NYDFS Exemption (a), (b) or (d)

  • Self Guided Risk Assessment - Meets NYDFS requirements with reduced assessment questions
  • Policies and Procedures - Full set created to meet NYDFS requirements
  • Risk Management Plan
  • Cybersecurity Plan
  • Incident Response Plan
  • Business Continuity / Disaster Recovery Plan
  • Breach Notification Plan
  • SDLC Plan for application development
  • Third Party NYDFS Compliance Tracking
  • NYDFS Certification of Compliance - ready to file
  • Audit Trail / Body of Evidence
  • 12 months access to CyberCompass software to monitor cyber risk
  • Penetration Testing - up to 10 public facing IP addresses 1 time a year
  • Network Vulnerability and Compliance Scans - 1 network for up to 225 devices 2 times a year

NYDFS 500 NON-EXEMPT

$400/mo, billed yearly

Cover the Basics Quickly:

  • Self Guided Risk Assessment - Meets NYDFS requirements with reduced assessment questions
  • Policies and Procedures - Full set created to meet NYDFS requirements
  • Risk Management Plan
  • Cybersecurity Plan
  • Incident Response Plan
  • Business Continuity / Disaster Recovery Plan
  • Breach Notification Plan
  • SDLC Plan for application development
  • Third Party NYDFS Compliance Tracking
  • NYDFS Certification of Compliance - ready to file
  • Audit Trail / Body of Evidence
  • Cyber Awareness Employee Training
  • 12 months access to CyberCompass software to monitor cyber risk
  • Penetration Testing - up to 10 public facing IP addresses 1 time a year
  • Network Vulnerability and Compliance Scans - 1 network for up to 225 devices 2 times a year

Professional Solutions

Custom - Contact for pricing

Solutions to meet your needs:

  • Virtual Chief Compliance Officer (vCISO) services meet NYDFS on-staff CISO requirements
  • Rapid Response Services
  • Remediation Assistance
  • Rapid Remediation Services
  • Custom Policies and Procedures
  • Virtual Compliance Officer
  • Cybersecurity scans and rapid repair
  • Self-Assessment Assistance

We have affordable pricing to get you compliant quickly