Managed cybersecurity service Bay Area

(510) 272-4701



New Infosec Requirements Take Effect in NY State

Anne Bisagno


If you're a financial services company doing business in New York state, March 1 was your deadline to file for your first annual certification with 23 NYCRR 500. This is the state's groundbreaking cybersecurity regulation that mandates risk assessments, vulnerability assessments, penetration testing, multifactor authentication, and end-user awareness training.


Covered companies have already been required since August to report not just breaches of personally identifiable information (PII), but any other event that has a "reasonable likelihood" of causing material harm to normal operations. The law says companies must report these events within 72 hours.


Xantrion can help you bring your information security up to New York state's rigorous standards. Call us to get started.

Ready to learn more? Get the latest Xantrion news and IT tips.


Like leading SF Bay Area based MSP Xantrion on Facebook Award-Winning Bay Area managed IT service provider Xantrion is on Linkedin Follow top Bay Area MSP Xantrion on Twitter