Ready to meet New York State's updated cybersecurity requirements?

If you are using Salesforce to manage customer data, OwnBackup can help you with this compliance journey.

The New York State Department of Financial Services (NYDFS) is updating the 23 NYCRR 500 regulation titled “Cybersecurity Requirements for Financial Services Companies.” Companies have one year to comply with the updated regulation, which encompasses the following:

Asset inventory

Risk assessment

Multi-factor authentication (MFA) implementation

Business continuity and disaster recovery (BCDR)

Governance

CEO/CISO certification

Larger companies (“Class A” companies), with aggregate revenue from New York operations and over $1 billion globally, or 2,000 employees globally, must also:

Complete an annual external audit of cybersecurity program

Use external experts to conduct a risk assessment at least once every three years

Implement an access management password solution and controls to prevent the usage of common passwords for privileged accounts

Implement an end-point detection and response system to monitor for anomalous activity and generate alerts

The regulation also requires a compliance filing, which raises the risk of firms falling short and incurring millions in fines. Companies must also implement new controls, increase the frequency of existing cyber controls, and ensure that their compliance with the regulation is documented.

How OwnBackup can help ensure NYDFS compliance for Salesforce:

Secure

Least privileged access management solution (section 500.7 on pages 8-9)
Encryption (section 500.15 on page 12)

Key Features

Data classification

Identify where your highest-risk information assets are located in Salesforce.

Disaster recovery

Maintain and protect backups while being able to reliably and rapidly restore data.

Privileged access

Proactively limit and secure user access to sensitive information.

Data retention

Archive immutable records in the cloud and secure sensitive legacy data.

Event monitoring

Detect potential issues causing the deletion or corruption of data.

Encryption

Implement encryption of nonpublic information at rest or in transit.

Learn how OwnBackup can help you identify data exposure risks and proactively take action to protect and secure your data.

Salesforce Data Security: Your Blueprint for Success in 2023 featuring PwC

Register for this exclusive webinar with Salesforce and PwC to explore what the blueprint for SaaS data security looks like in 2023, how to reduce the impact of data breaches, and the importance of ‘zero-trust’ in cloud security.

Save your spot

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.