NYDFS Frequently Asked Questions

We have cyber security under control, why do I need this?

Three very important reasons:

  1. It has built in NYDFS expertise that most firms don’t have to meet the February 15, 2020 filing date.
  2. You can complete a security risk assessment (required by NYDFS) so you can validate your cyber security and/or act as a check for any outsourced cyber security services (with your MSP).
  3. You can now track your compliance across people, processes, technology and vendor in one place using your CyberCompass™ 12 month subscription.

You can think of CyberCompass™ as your compliance check-up and fitness tracking tool to make sure your firm is cyber strong.

 A recent survey showed only 19% of companies are managing and tracking their cyber risk and compliance, especially with vendors. Why? Most don’t have the expertise or the tools to monitor and manage across your organization. With CyberCompass™ your companies can become vigilant, relentless, and resilient towards cyber crime across your entire organization.

 

How do I activate my account? Do I have to download something?

Contact one of our partners Third Rock or RSI.

CyberCompass™ is cloud-based.  You don’t have to download anything.

 

What is CyberCompass™ software and how does it work?

First of all you don’t need to be a NYDFS or Cyber Security Expert.

CyberCompass™ software translates government requirements into layman’s term, doing most of the heavy lifting for the analysis.  You start with your security risk assessment that is an online survey that walks your broker or staff member through questions that are designed to determine your practice’s level of cyber security and compliance. CyberCompass™ includes an online secure vault capability for you to upload all your supporting documentation or “body of evidence” required to maintain for 5 years as you complete the assessment.

 Once you complete the survey (by the way you will immediately meet one of the compliance requirements by NYDFS), you will receive a report spelling out items that need to be addressed and how to correct them.  It even prioritizes those items so you can focus on where you have critical vulnerabilities and non-compliance.

 

How long does it take to complete the assessment? Can I assign other employees to answer questions when I don’t know the answer?

You don’t’ have to be an expert to complete the assessment. The survey questions are written in layman terms and the answers are all in Yes/No/Not Available format.  CyberCompass™ has built in library and references for each question so you can easily understand how it corresponds to the regulations. You can flag the question if you don’t know the answer.  All the flagged questions are tracked.  With CyberCompass™ you can assign a question or task to someone.  They will receive an email with a deadline.  All the responses are tracked in CyberCompass™. Without professional assistance, CyberCompass™ clients can complete in about three hours.

 

What does results of assessment show and what do I do with them?

Most clients of CyberCompass™ are surprised that the results of the assessment.  The report, which can be kept confidential or shared with your managed service provider, often confirms the reality that 90% of breaches that happen every year come from very simple, easy to solve problems and not big-ticket items.   Most clients discover they are not following the basics of securing client information and not have a plan if a breach happens to reduce business disruption costs.  CyberCompass™ gives you the ability to gain visibility to your vulnerabilities, outline the actions you need to take to improve your cyber security, and monitor your progress to increase your cyber resilience and compliance.

 

How does CyberCompass™ automate compliance?

CyberCompass™ automates most of the compliance requirements with a complete set of policies and procedures and all the compliance plans documentation With CyberCompass™ you learn the basics of cyber security hygiene and incorporate them into your culture for better protection across people, processes, technology and vendors.