SEC Cybersecurity and Resiliency Observations Office of Compliance Inspections and Examinations
In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC Office of Compliance Inspections and Examinations (OCIE) published on January 27 its latest Examination Observations related to cybersecurity and operational resiliency practices.
Through thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges and other SEC registrants, OCIE has observed various industry practices and approaches to managing and combating cybersecurity risk and the maintenance and enhancement of operational resiliency. These include practices in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. Recognizing that there is no such thing as a “one-size fits all” approach, and that all of these practices may not be appropriate for all organizations, we are providing these observations to assist market participants in their consideration of how to enhance cybersecurity preparedness and operational resiliency.