Ask Tim; Cyber

New: Cyber Reg FAQ Document

Abstract: We are happy to announce a new resource to help you comply with New York's financial services cybersecurity regulation - a "frequently asked questions" document. Body: ​ We are happy to announce a new resource to help you comply with New York's financial services cybersecurity regulation - a "frequently asked questions" document. The seven-page file​ provides answers to some of the questions Big I New York members ask most often about the regulation, including:Are licensed employees required to make the annual compliance filings?How do I get help completing the compliance filing?Does my agency have to submit the Notice of Exemption every year?Do agency employees have…

Continue ReadingNew: Cyber Reg FAQ Document

New Cybersecurity Reg Compliance Tool – Asset Inventory Workbook

Abstract: We have developed a Microsoft Excel workbook that will help you meet the requirement to maintain an inventory of your cyber assets. Body: ​As we mentioned last week, the New York financial services cybersecurity regulation requires all covered entities (including all insurance agencies) to create and maintain an inventory of their information system assets. Entities have until Nov. 1, 2025 to comply with this requirement.We have developed a Microsoft Excel workbook that will help you meet this requirement. For each listed device, it has fields for several pieces of information including those the regulation specifically mentions (owner, location, classification/sensitivity, support expiration date, recovery time…

Continue ReadingNew Cybersecurity Reg Compliance Tool – Asset Inventory Workbook

NY Cybersecurity Regulation: Data Retention & Disposal Requirements

Body: ​Question from a Big I NY member: "Question regarding data retention.  In our agency management system (AMS), we retain files as long as the provider does.  Is that acceptable?  We do so for protection, ie., say we wrote life insurance and fifteen years later the client dies and the company claims some type of misrepresentation from insured on application. We would want all of the backup notes, signed forms, questionnaires.  Is this okay?  I could not find on your website anything addressing this besides that we need to keep for the required legal periods, say seven years as a minimum, but what about longer?Also, say a client leaves us, I do…

Continue ReadingNY Cybersecurity Regulation: Data Retention & Disposal Requirements