DFS Acting Superintendent Kaitlin Asrow Issues New Cybersecurity Guidance to Address Risks Associated with the Use of ThirdParty Service Providers Department of Financial Services
p
ppNew York State Department of Financial Services DFS Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing the risks associated with entities becoming increasingly reliant on thirdparty service providers TPSPs The guidance builds on the Departments ongoing work to protect New Yorkers and DFSregulated entities from cybersecurity risks through its nationleading cybersecurity regulation ppWhile thirdparty service providers have driven innovation and enabled significant efficiencies in our financial system regulated entities are still ultimately accountable for protecting consumers and managing risk said Acting Superintendent Kaitlin Asrow To ensure the safe and secure operation of financial services and the protection of nonpublic information entities must establish and maintain appropriate internal risk management controls when using thirdparty service providers ppThis guidance does not impose new requirements or obligations on DFSregulated entities Rather the guidance is intended to clarify regulatory requirements under DFSs cybersecurity regulation and share best practices that entities should consider implementing ppA copy of the guidance can be found on the Departments website Additional cybersecurity resources can be found on the Departments Cybersecurity Resource Center pp p
ppNew York State Department of Financial Services DFS Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing the risks associated with entities becoming increasingly reliant on thirdparty service providers TPSPs The guidance builds on the Departments ongoing work to protect New Yorkers and DFSregulated entities from cybersecurity risks through its nationleading cybersecurity regulation ppWhile thirdparty service providers have driven innovation and enabled significant efficiencies in our financial system regulated entities are still ultimately accountable for protecting consumers and managing risk said Acting Superintendent Kaitlin Asrow To ensure the safe and secure operation of financial services and the protection of nonpublic information entities must establish and maintain appropriate internal risk management controls when using thirdparty service providers ppThis guidance does not impose new requirements or obligations on DFSregulated entities Rather the guidance is intended to clarify regulatory requirements under DFSs cybersecurity regulation and share best practices that entities should consider implementing ppA copy of the guidance can be found on the Departments website Additional cybersecurity resources can be found on the Departments Cybersecurity Resource Center pp p
