OCIE Cybersecurity and Resiliency Observations and Best Practices

February 5, 2020

On January 27, 2020, the Securities and Exchange Commission Office of Compliance Inspections and Examinations issued examination observations related to cybersecurity and operational resiliency practices.

The observations highlight a set of best practices by market participants in the following areas: (1) governance and risk management, (2) access rights and controls, (3) data loss prevention, (4) mobile security, (5) incident response and resiliency, (6) vendor management and (7) training and awareness. Cybersecurity has been a key priority for OCIE since 2012. Since then, it has published eight cybersecurity-related risk alerts, including an April 2019 alert addressing mobile security. OCIE has perennially included cybersecurity practices as part of its examination priorities and listed all but mobile security as “particular focus areas” in the “information security” priority for 2020.

Continue reading on the Cleary Cybersecurity and Privacy Watch blog.