Prepared for the SEC's Cybersecurity and Risk Management Rule?

Fairview CyberComply supports RIAs with every aspect of the Cybersecurity and Risk Management Rule.

CyberComply

The SEC’s Cybersecurity and Risk Management Rule will require RIAs to make significant changes to their compliance programs. If adopted in its current format, the rule will require advisers to adopt and implement written cybersecurity policies and procedures and produce an annual cyber report.

Fairview CyberComply provides investment advisers with complete support for every aspect of the rule.

The table below outlines each key aspect of the SEC’s Cybersecurity and Risk Management Rule, and Fairview CyberComply’s supporting services.

 

The rule requires firms to (numbered items) / Fairview CyberComply (bulleted under each item):
1. Conduct an annual cybersecurity risk assessment
  • Conduct an annual cybersecurity risk assessment
  • Provide recommendations on areas for enhancement with prioritization
2. Adopt cybersecurity policies and procedures, including cybersecurity threat and vulnerability management
  • Develop comprehensive policies and procedures, including:
    • Incident Response
    • BCP/DRP
    • Cyber and data security policy, including user security and access management and cybersecurity threat and vulnerability management
3. Establish a vendor management program
  • Assist in implementing a well-documented vendor management program
  • Maintain an approved vendor list
  • Conduct annual vendor due diligence reviews
    • Summarize vendor due diligence findings
    • Coordinate meeting to review a summary of the completed due diligence reviews and take meeting minutes to evidence oversight
4. Conduct and document an annual Cybersecurity Review
  • Produce an annual cybersecurity testing report, including:
    • Detailed outline of review parameters and testing along with findings
    • Reports of phishing and external / internal network scans
    • Analysis of vendor due diligence responses
    • Documentation of risk assessments
    • Recommended updates to policies and procedures
    • Assist with conducting incident response and disaster recovery / business continuity tabletop exercise scenarios
    • Assist with testing material requirements established by cyber policies and procedures
  • Log of cyber and data security training and testing
  • Records of risk assessments and findings
5. Maintain certain books and records
  • Support maintaining required books and records
6. Provide certain cyber disclosures
  • Cyber disclosures
  • Provide support on cybersecurity disclosures and ADV Form C filing upon request

Interested in pricing or learning more? Contact us today.
