Your Infosec Strategic Advisor (ISA) works on an as-needed basis, so it's an affordable way to access premium services. The fees are fixed and negotiated upfront, so there are no surprises.
Affected by GDPR? Have you assigned a Data Protection Officer?
GDPR Article 39
Proactive Risk can handle many of the tasks associated with the data protection officer as a supplemental service.
1. The data protection officer shall have at least the following tasks:
(a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
(b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
(c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
(d) to cooperate with the supervisory authority;
(e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.
2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
For more information on how we can help, just contact us.
Financial Services 23 NYCRR 500 - Checklist
We can help with the following areas
500.02 – Creation of an information security program;
500.03 – Documentation of cybersecurity policies;
500.04 – Designate a CISO to report to the board and lead the cybersecurity program;
500.05 – Ongoing Vulnerability and Penetration Testing along with continuous monitoring;
500.06 – Implement an audit trail of transaction and security-related events;
500.07 – Create a process/procedure to limit access and review privileges to nonpublic information;
500.08 – Creation of procedures, guidelines and standards for developing secure applications and for assessing the security of externally developed applications;
500.09 – Periodic entity risk assessments;
500.10 – Provide cybersecurity training for cybersecurity personnel;
500.11 – Implement a third-party service provider security policy;
500.12 – The use of multi-factor authentication technology;
500.13 – A data retention and disposal policy;
500.14 – User access monitoring capabilities and awareness training;
500.15 – Encryption for nonpublic information both in transit and at rest;
500.16 – A written incident response plan; and
500.17 – Notification of cybersecurity event and annual reporting to the superintendent.