Cybersecurity Frequently Asked Questions - Producers

  • If I filed a Notice of Exemption from the cybersecurity regulation, do I need to file a Certification of Compliance?

    Yes, you are required to file a Certification of Compliance even if you filed for an exemption under 23 NYCRR Part 500.19. The exemptions are limited and do not exempt you from every requirement of the cybersecurity regulation. If you filed a Notice of Exemption under sections 500.19 (a), (c) or (d), you still are required to file a Certification of Compliance to confirm that you are in compliance with the provisions of the cybersecurity regulation that apply to you as specified in the regulation.

    Consequently, if you filed for an exemption under subsection (a) of 23 NYCRR 500.19, you still must: maintain a Cybersecurity Program as required in section 500.02; maintain a Cybersecurity Policy as required in section 500.03; limit Access Privileges as required in section 500.07; conduct a Risk Assessment as required by section 500.09; implement a Third Party Service Provider Policy as required by section 500.11; limit your Data Retention as required in section 500.13; and provide Notices to the Superintendent as required by section 500.17, which includes filing an annual Certification of Compliance.

    If you filed for an exemption under subsections (c) or (d) of 23 NYCRR 500.19, you still must: conduct a Risk Assessment as required by section 500.09; implement a Third Party Service Provider Policy as required by section 500.11; limit your Data Retention as required in section 500.13; and provide Notices to the Superintendent as required by section 500.17, which includes filing an annual Certification of Compliance.

  • I already filed a Certification of Compliance, so why did I receive a notification that I need to file a Certification of Compliance?

    You received this notice because you have a license with DFS that is still missing a Certification of Compliance. If you hold more than one license, then you need to file a separate Certification of Compliance for each license you hold. This includes licenses for entities and licenses for individuals.

  • If I am currently a non-resident, do I need to file a Certification of Compliance?

    All persons licensed by DFS are required to file a Certification of Compliance under the cybersecurity regulation unless you are exempt under section 500.19 (b). If you are still licensed by DFS and have not applied for that exemption, you must file a Certification of Compliance.