It is sometimes said – usually by nerdy Information Security people – that there are two types of companies: those that know that they have had a data breach and those that don’t know that they have had a data breach.
It is therefore critical to have a plan in place for the day you experience a breach of Nonpublic Information. It is inevitable…and the New York Department of Financial Services requires it in Section 16 of Reg 500.
An Incident Response Plan is a written document designed to help Covered Entities “promptly respond to and recover from any Cybersecurity Event.” It is the guide to help a company navigate the chaotic time after a data breach.
The Incident Response Plan has a specific intent, and NY DFS also calls out certain pieces that must be included, such as:
- The internal processes for responding to a Cybersecurity Event
- The goals of the incident response plan
- The definition of clear roles, responsibilities and levels of decision-making authority
- External and internal communications and information sharing
- Identification of requirements for the remediation of any identified weaknesses in Information Systems and associated controls
- Documentation and reporting regarding Cybersecurity Events and related incident response activities
- The evaluation and revision as necessary of the incident response plan following a Cybersecurity Event
This is a thorough list of areas to cover. Each should be contemplated and considered carefully as you plan out how you’ll respond to a Cybersecurity Event.
Compliance with Section 16 of Reg 500 is required even for small companies and independent insurance agents and brokers that have limited exemptions. If you are a one-person business, your plan might look different from a larger company's because you will be the sole person communicating with external stakeholders and running point for the response plan.
Either way, Securibly has you covered and has developed an Incident Response Plan based on industry standards and best practices. We can help you check the box for compliance quickly and effectively.