Cybersecurity Compliance Review
NRS is the recognized expert in testing and assessing the adequacy and effectiveness of your firm’s compliance efforts, including those required by the regulators’ increased focus on Cybersecurity procedures, controls and mechanisms.
Undertaking an internal assessment of a firm’s customer information safeguarding procedures and ensuring they are sufficiently robust is a difficult task. The SEC’s “Cybersecurity Initiative” (released in April 2014) and FINRA’s January 2014 announcement that it would be conducting an assessment of firms’ approaches to managing security threats speak to the seriousness with which the regulators are treating the issue of Cybersecurity. The focus will continue to grow, given the ongoing reporting of Cybersecurity incidents across the financial services industry. In his keynote address at the 2014 NRS Spring Conference, Arnold Felderbaum, Chief IT Security and Compliance Officer for Reed Elsevier, agreed with other experts in the field: “Hacktivists are trying to prevent your customers from doing business with you.” In light of the very real possibility of customer information being compromised, the regulators are stressing their concern with infrastructure integrity, ensuring the safety and security of sensitive customer data.
The NRS Complete Solution
NRS offers a comprehensive solution to help assess and evaluate internal controls, identify and qualify activities as potential risks, and assist organizations in prioritizing those risks. Relying on the experience gained from providing customized compliance services and solutions to the financial services industry for nearly 30 years, NRS is uniquely positioned and adept at helping firms identify their Cybersecurity risks and determine where additional or more in-depth customized procedures are needed. Areas to be reviewed include supervision of information technology systems, operational capabilities, market access, information security, and preparedness to respond to sudden malfunctions and breaches.
During a Cybersecurity Compliance Review, an NRS consultant will:
- Review the firm’s risk assessment to determine whether it has taken measures to identify the security risks inherent in its business model and practices.
- Assess the firm’s written policies and procedures to determine if procedures have been sufficiently developed to address any identified data security risks.
- Review any testing that has been conducted on the firm’s data security policies and procedures.
- Verify that certifications (e.g., ISO, ISAE, SSAE, SOC, TIA) are held by both the firm and its vendors with access to confidential and/or personally identifiable nonpublic information. (Vendor reviews will be limited to documentation obtained by the firm during its due diligence process; NRS will not independently contact any vendors to obtain information.)
- Review procedures developed to detect and react to security breaches.
- Determine that procedures address Reg S-ID (“Red Flags Rule”) and other identity detection regulations and guidance.
- Discuss the most recent SEC document requests with the appropriate IT personnel to determine whether all information and documentation requests can be met.
NRS can prepare you for a potential SEC or FINRA examination through one of our many compliance consulting services. To get started, contact NRS today.