Search common contracting language and take a deeper dive to discover what each means
23 NYCRR 500 is a cybersecurity regulation issued by the New York State Department of Financial Services (NYDFS) that applies to financial services companies operating in New York. The regulation requires these companies to implement various cybersecurity measures to protect their customers' sensitive data from cyber threats.
To comply with the regulation, businesses must develop and maintain a comprehensive cybersecurity program that includes policies and procedures for data security, risk assessments, and regular testing and monitoring of their systems. They must also implement multi-factor authentication, encryption, and other security controls to protect sensitive data, as well as provide regular cybersecurity training to their employees. Companies must also report any cybersecurity incidents to the NYDFS within 72 hours of discovery