Secureframe Adds New Frameworks to Help Financial Institutions and UK-based Organizations Achieve and Maintain Cybersecurity Compliance

December 20, 2023

Staying ahead of new laws and regulations that impact your organization is difficult. Maintaining a strong compliance program that meets all of these necessary rules and regulations is daunting. At Secureframe, it’s our mission to empower our customers to build trust by simplifying information security and compliance. 

To date, we’ve helped thousands of customers spend less time on compliance by automating manual processes for popular cybersecurity and privacy frameworks including SOC 2, ISO 27001, GDPR, PCI DSS, and more. Today we are introducing support for three new frameworks on our platform: FTC Safeguards Rule, NYDFS NYCRR 500, and Cyber Essentials. Each new framework includes control mapping to framework requirements, automated tests that collect compliance evidence from integrated technologies, and built-in Secureframe tasks such as policy management as required by each framework. 

What is the FTC Safeguards Rule?

The FTC Safeguards Rule applies to financial institutions that are under the jurisdiction of the Federal Trade Commission (FTC). Organizations that provide financial products or services to consumers must uphold the FTC Safeguards Rule. This includes banks, credit unions, non-bank mortgage lenders, payday lenders, check cashers, and certain payment system participants. 

The FTC Safeguards Rule requires your organization to have a comprehensive information security program in place to protect customer information, protect against threats, and protect against unauthorized access to that data.  

We help you maintain the compliance requirements of the FTC Safeguards Rule with platform features including our enterprise-grade Risk Management solution with AI-powered risk assessment, continuous monitoring of system and network changes, automated tests to catch nonconformities like unencrypted stored customer data, and more. 

What is NYDFS NYCRR 500?

The New York Department of Financial Services (NYDFS) NYCRR 500 framework requires financial institutions operating in New York State to uphold cybersecurity requirements. This includes banks, insurance companies, mortgage lenders, and other financial services providers that are regulated by NYDFS. 

The goal of this cybersecurity regulation is to implement cybersecurity controls around the protection of sensitive customer data as well as maintain the security of systems that can impact customer data. Some of the requirements for this regulation include risk assessments, encryption, incident response plans, and ongoing monitoring. 

With Secureframe, you can seamlessly manage and assess risk, create and manage policies, and continuously monitor your infrastructure and assets to catch nonconformities and misconfigurations, such as lack of encryption. 

What is Cyber Essentials?

Cyber Essentials is a certificate required for organizations working with the UK government to protect against common online threats. This certificate sets a baseline of five essential security controls and best practices to safeguard against common cyber attacks. 

There are two options for the Cyber Essentials certification: Cyber Essentials or Cyber Essentials Plus. Cyber Essentials includes a self-assessment questionnaire (SAQ) while Cyber Essentials Plus requires a third-party assessment. Secureframe is built to help you implement and manage all requirements for both Cyber Essentials and Cyber Essentials Plus. 

The addition of Cyber Essentials follows our recent European data residency announcement, which gives you the option to store your data in AWS London so you can take all the necessary measures to ensure the data privacy of your customers.

To learn more about Secureframe, reach out to schedule a demo with one of our compliance experts.