Several compliances that we work with have deadlines coming up.  Here’s a quick list with links to more detailed information:

  1. 23 NYCRR 500 – The New York State Department of Financial Services regulation became effective March 31st, 2017 and applies to financial services companies, as well as their subsidiaries, affiliates and in some cases, their vendors.  Covered entities are supposed to be meeting the requirements as of 8/31/17, have until September 30th to file for exemptions, and are expected to submit their first annual attestation of compliance by February 15, 2018.
  2. NIST 800-171 – The National Institute of Standards & Technology (NIST) published NIST 800-171 to provide guidance for federal agencies to ensure that Controlled Unclassified Information (CUI) is protected.  These controls apply to vendors who perform work for the government; higher-education (if no other regulation, such as FISMA is already protecting the CUI), manufacturers and their subcontractors and vendors who receive/transmit/store CUI.  Entities are required to attest to their compliance by December 31, 2017, and many manufacturers are already receiving purchase orders stating that by accepting the PO, the company is attesting to compliance with NIST 800-171.
  3. GDPR – The EU General Data Protection Regulation was designed to protect the privacy of all EU citizens by extending to all organizations who process or store personal data – regardless of where the organization is located. Adopted in April 2016, there is a 2 year transition period to meet requirements by April 2018.

Contact us for assistance with understanding how these requirements might apply to your organization, and guidance with how to respond.