SEC Announces 2nd Round of Cybersecurity Exams

Posted by Andrew Borowiec on Oct 21, 2015 12:38:44 PM

The SEC announced it will conduct a second round of cybersecurity examinations and released a sample list of information that the Office of Compliance Inspections and Examinations may review in the context of conducting examinations.

Governance and Risk Assessment: Examiners may assess whether registrants have cybersecurity governance and risk assessment processes in the areas outlined below:

  • Access Rights and Controls: how firms control access to various systems and data via management of user credentials, authentication, and authorization methods.
  • Data Loss Prevention: how firms monitor the volume of content transferred outside of the firm by its employees or through third parties, such as by email attachments or uploads.
  • Vendor Management: firm practices and controls related to vendor management, such as due diligence with regard to vendor selection, monitoring and oversight of vendors, and contract terms.
  • Training: how training is tailored to specific job functions and how training is designed to encourage responsible employee and vendor behavior.
  • Incident Response: whether firms have established policies, assigned roles, assessed system vulnerabilities, and developed plans to address possible future events.

Please click here for a link to the SEC’s release

Tags: Fund of Funds, HR Due Diligence, Policies and Procedures, Service Providers, Article, Business Continuity/Disaster Recovery, Education Articles, Fraud Risk and Irregularities, Hedge Funds, Private Equity, SEC Exams, Technology

Copyright 2019, IMDDA. All rights reserved.

INVESTMENT MANAGEMENT
DUE DILIGENCE ASSOCIATION
5645 Coral Ridge Drive Suite 297
Coral Springs, FL 33076

Due diligence questions?
ASK AN EXPERT

Topics

see all

Most viewed

Customer In-House Training Solutions