News

SEC publishes observations on cybersecurity and resiliency practices - 27 February 2020

The SEC Office of Compliance Inspections and Examinations (OCIE) encourages market participants to review their practices, policies and procedures with respect to cybersecurity and operational resiliency. 

The observations, issued on January 27, 2020, relate to cybersecurity and operational resiliency practices taken by market participants.

The OCIE observations highlight "certain approaches taken by market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness." Specific examples that organizations have taken to safeguard against threats to cybersecurity and operational resiliency practices and controls are highlighted in the observations.

"Data systems are critical to the functioning of our markets and cybersecurity and resiliency are at the core of OCIE’s inspection efforts," said SEC Chairman Jay Clayton. "I commend OCIE for compiling and sharing these observations with the industry and the public and encourage market participants to incorporate this information into their cybersecurity assessments."

"Through risk-targeted examinations in all five examination program areas, OCIE has observed a number of practices used to manage and combat cyber risk and to build operational resiliency," said Peter Driscoll, Director of OCIE. "We felt it was critical to share these observations in order to allow organizations the opportunity to reflect on their own cybersecurity practices."

© 2020 CCH Incorporated and its affiliates and licensors. All rights reserved.