23 CRR-NY 500.6NY-CRR

STATE COMPILATION OF CODES, RULES AND REGULATIONS OF THE STATE OF NEW YORK
TITLE 23. FINANCIAL SERVICES
CHAPTER I. REGULATIONS OF THE SUPERINTENDENT OF FINANCIAL SERVICES
PART 500. CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES
23 CRR-NY 500.6
23 CRR-NY 500.6
500.6 Audit trail.
(a) Each covered entity shall securely maintain systems that, to the extent applicable and based on its risk assessment:
(1) are designed to reconstruct material financial transactions sufficient to support normal operations and obligations of the covered entity; and
(2) include audit trails designed to detect and respond to cybersecurity events that have a reasonable likelihood of materially harming any material part of the normal operations of the covered entity.
(b) Each covered entity shall maintain records required by paragraph (a)(1) of this section for not fewer than five years and shall maintain records required by paragraph (a)(2) of this section for not fewer than three years.
23 CRR-NY 500.6
Current through June 15, 2022
End of Document

IMPORTANT NOTE REGARDING CONTENT CURRENCY: The "Current through" date indicated immediately above is the date of the most recently produced official NYCRR supplement covering this rule section. For later updates to this section, if any, please: consult editions of the NYS Register published after this date; or contact the NYS Department of State Division of Administrative Rules at [email protected]. See Help for additional information on the currency of this unofficial version of NYS Rules.