NYDFS 23 NYCRR 500.14 Security Awareness Training Program

Cyber security awareness training has been recognized as one of the most critical components of a cyber security program. NYDFS requires Covered Entities to complete a cyber security awareness training program for all employees. Curricula can help you get compliant and keep your organization secure.

Compliance Training is Easy with Curricula

In less than 10 minutes, your NYDFS NYCRR 500.14 cyber security awareness training program will be ready to launch right. No clunky software to install, just add your employees into the Curricula app and we’ll take care of the rest! Employees are minutes away from being 23 NYCRR 500 compliant and keeping your organization safe from the bad guys.

Section 500.14 Training and Monitoring

From the NY Dept of Financial Services, as part of its cybersecurity program, each organization must do the following to meet compliance standards for cyber security:

(a) implement risk-based policies, procedures and controls designed to monitor the activity of Authorized Users and detect unauthorized access or use of, or tampering with, Nonpublic Information by such Authorized Users; and

(b) provide regular cyber security awareness training for all personnel that is updated to reflect risks identified by the Covered Entity in its Risk Assessment.

Who does 23 NYCRR 500.14 apply to?

The NYDFS regulations for cyber security now apply to:

  • Credit unions
  • Health insurers
  • State-chartered banks
  • Investment companies
  • Licensed lenders
  • Life insurance companies
  • Mortgage brokers/companies
  • Savings and loan associations
  • Private bankers
  • Offices of foreign banks licensed to operate in NY
  • Commercial banks
  • “Service providers”

Exemptions – the regulation allows a limited exemption for certain covered entities, such as:

  • Companies with <10 people
  • Companies that have acquired <$5 million in gross annual revenue from NY state operations
  • A company that alongside its affiliates has <$10 million in end-of-year total assets; and
  • A licensed captive insurer that does not, or is not required to, control, access, receive, or store non-public information other than information related to its corporate affiliates.
  • Charitable and foreign risk groups operating in New York automatically receive an exemption.

New Employee Onboarding

The Curricula platform will automatically enroll new employees into your required cyber security compliance training. When an employee leaves your organization, the Curricula platform will automatically deactivate them to block their access.

Ready to get started? Set up your free account.

Automatic Employee Notifications

Never have to worry about reminding your employees to complete their required security training. The Curricula platform automatically seeks out employees that need to complete their required cyber security compliance training and sends them custom reminders.

You can’t afford non-compliance

Non-compliance of 23 NYCRR 500 can have violations that cost your business hundreds of thousands of dollars. Why risk non-compliance if you can get started with Curricula in minutes.

Ready to watch an Episode?

Try it out for free.

© 2020 Curricula Group, Inc. All rights reserved.