Need to file DFS Certification of Compliance?
My insurance broker client, who sells policies via their e-commerce website, received an email from New York State Department of Financial Services (DFS) asserting a requirement that my client file a "Certification of Compliance" by February 15, 2020.
I've never heard of this before, nor has my client. The entity's website is www.dfs.ny.gov. I assume we must file as indicated, but I can't tell if this is something required only of businesses incorporated in NY State, which my client's company is not.
I'd be grateful to know if anyone here knows whether whether a response on my client's part is required. Following are the money quotes from the email:
"All regulated entities and licensed persons of the DFS were required to file an annual cybersecurity regulation Certification of Compliance under Part 500. Although you did not file a Certification of Compliance this year, this is an early reminder that one is due by February 15, 2020. If you are compliant with all sections of the Part 500 that apply to you by the end of the year, then please file your Certification in a timely manner. If you do not file a Certification because you were not compliant with Part 500, then please keep appropriate documentation including any remedial plans....
"The Department will consider a failure to submit a Certification of Compliance as an indicator that the cybersecurity program of the Covered Entity has a substantive deficiency. Any current or future deficiencies of Part 500 might lead to penalties including possible fines and prevention of your license renewal."
Thanks,
Jonathan
I've never heard of this before, nor has my client. The entity's website is www.dfs.ny.gov. I assume we must file as indicated, but I can't tell if this is something required only of businesses incorporated in NY State, which my client's company is not.
I'd be grateful to know if anyone here knows whether whether a response on my client's part is required. Following are the money quotes from the email:
"All regulated entities and licensed persons of the DFS were required to file an annual cybersecurity regulation Certification of Compliance under Part 500. Although you did not file a Certification of Compliance this year, this is an early reminder that one is due by February 15, 2020. If you are compliant with all sections of the Part 500 that apply to you by the end of the year, then please file your Certification in a timely manner. If you do not file a Certification because you were not compliant with Part 500, then please keep appropriate documentation including any remedial plans....
"The Department will consider a failure to submit a Certification of Compliance as an indicator that the cybersecurity program of the Covered Entity has a substantive deficiency. Any current or future deficiencies of Part 500 might lead to penalties including possible fines and prevention of your license renewal."
Thanks,
Jonathan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
David, I'm going to need to hire someone for this and a slew of other security-related issues. Do you have any first hand knowledge regarding the quality of this company, or is this just a website you found while doing a search?
Thanks again.
Thanks again.
ASKER