Cyber security and resiliency report issued by the SEC Office of Compliance Inspections and Examinations

Published: Thursday, 30 January 2020 15:02

The Securities and Exchange Commission Commission's Office of Compliance Inspections and Examinations (OCIE) has issued a report providing  observations related to cyber security and operational resiliency practices obtained from examinations taken by market participants.

The observations highlight certain approaches taken by market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. They also highlight specific examples of cyber security and operational resiliency practices and controls that organizations have taken to potentially safeguard against threats and respond in the event of an incident.

OCIE is encouraging market participants to review their practices, policies and procedures with respect to cybersecurity and operational resiliency in the light of the report.

More details on the OCIE Cybersecurity and Resiliency Observations report.