As we mentioned last week, the New York financial services cybersecurity regulation requires all covered entities (including all insurance agencies) to create and maintain an inventory of their information system assets. Entities have until Nov. 1, 2025 to comply with this requirement.
We have developed a Microsoft Excel workbook that will help you meet this requirement. For each listed device, it has fields for several pieces of information including those the regulation specifically mentions (owner, location, classification/sensitivity, support expiration date, recovery time objectives.) Where possible, it uses drop-down menus to make selecting an answer easier. It is currently formatted for up to 100 devices. Should we start to get complaints that this is not enough, we’ll update it.
The new workbook is available here. You can always find it by:
- Logging in at www.biginy.org.
- Clicking the Cybersecurity button on the home page.
- Clicking the Compliance Resources image.
- Clicking on "Step 2: Conduct An Internal Agency Risk Assessment."
- Clicking on "Device Inventory."