Hone a Plan to Meet Evolving Regulatory Expectations
Cybersecurity Rules and Regulations
Before compliance and legal personnel create cybersecurity policies and procedures, they should understand the standards that need to be met. For investment advisers, however, these standards come from several sources. One primary source is Rule 30 of Regulation S-P, which requires SEC-regulated firms to establish written policies and procedures designed to "(a) Insure the security and confidentiality of customer records and information; (b) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and (c) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer." 
1. 17 C.F.R. § 248.30(a).
[To read the full article, click the PDF link below.]