The New York Department of Financial Services 23 NYCRR 500 became the first state-backed cybersecurity regulation in 2017. Financial services companies who are domiciled, or do business, in the state of New York are subject to the requirements of 23 NYCRR 500. In May 2018, South Carolina took a similar step by enacting the South Carolina Insurance Data Security Act. SCA sees this trend continuing and can help your organization meet the cybersecurity regulatory requirements for your respective state.
Existing information and cyber security frameworks provide a measurable, repeatable and defensible process for implementing and managing a security process or program. The NIST Cybersecurity Framework (CSF) is a widely adopted framework used by both private and public organizations. The ISO 2700 series is a globally recognized family of standards for keeping information assets secure. In this series, ISO 27001 is the best known and provides requirements for an Information Security Management System. Whether your benchmark is NIST, ISO or another set of standards, SCA can provide an assessment to move you closer to your desired target state.