We use cookies to customise content for your subscription and for analytics.
If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.
  • Login
  • Register
  • Newsfeed
  • GTDT
  • Hubs
  • Learn
  • Webinars
  • Store
  • Blog
  • Events
  • Popular
  • Awards
  • About
  • GTDT
  • Guides
Getting The Deal Through joins Lexology
GTDT and Lexology Navigator have merged

CONTENT DEVELOPMENT

Become your target audience’s go-to resource for today’s hottest topics.

  • Trending Topics New
  • Discover Content
  • Horizons Beta
  • Ideation

CLIENT INTELLIGENCE

Understand your clients’ strategies and the most pressing issues they are facing.

  • Track Sectors
  • Track Clients
  • Mandates New
  • Discover Companies
  • Insight Reports

COMPETITOR INTELLIGENCE

Keep a step ahead of your key competitors and benchmark against them.

  • Benchmarking
  • Competitor Mandates Coming soon
Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Register now for your free, tailored, daily legal newsfeed service.

Questions? Please contact customerservices@lexology.com

Register

Financial Services Update, vol.14, issue 21.

Winston & Strawn LLP

To view this article you need a PDF viewer such as Adobe Reader. Download Adobe Acrobat Reader

If you can't read this PDF, you can view its text here. Go back to the PDF .

European Union, USA June 3 2019

OCIE Issues Risk Alert Regarding the Safeguarding of Customer Records and Information in Network Storage

On May 23, 2019, the Office of Compliance Inspections and Examinations (“OCIE”) of the SEC issued a risk alert (the “Risk Alert”) to provide investment advisers and broker-dealers with information regarding common deficiencies in recent examinations with respect to security risks associated with the storage of electronic customer records and information in various network-storage solutions, including the electronic storage of information on infrastructure owned and operated by a hosting company or service provider (“cloud storage”). According to the Risk Alert, OCIE examiners identified the following concerns that may raise compliance issues under Regulations S-P and S-ID:

  • Misconfigured network storage solutions. In some cases, firms did not adequately configure settings on their network storage solution to prevent unauthorized access or did not have policies and procedures addressing the security configuration of their network storage solution.

  • Inadequate oversight of vendor-provided network storage solutions. In some cases, firms did not implement policies, procedures, or contractual provisions to appropriately configure security settings on vendor-provided network storage solutions.

  • Insufficient data-classification policies and procedures. In some cases, firms’ policies and procedures did not appropriately identify the different types of data stored electronically by the firm and the appropriate controls for each type of data.

In addition, the Risk Alert lists several features of effective configuration-management programs, data-classification procedures, and vendor-management programs observed by OCIE, including:

  • Policies and procedures designed to support the installation, maintenance, and review of the network storage solution;

  • Guidelines for security controls and baseline security configuration standards; and

  • Vendor management policies and procedures that address regular software patch and hardware updates and review.

Feature:ESMA Regulatory Developments

 

 

Winston & Strawn LLP - Jacqueline P. Hu and Basil V. Godellas
Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Filed under

  • European Union
  • USA
  • Banking
  • Capital Markets
  • Company & Commercial
  • Derivatives
  • IT & Data Protection
  • Winston & Strawn LLP

Tagged with

  • CFTC
  • ESMA

Popular articles from this firm

  1. Antitrust and Competition - The EU Weekly Briefing (19 September 2016) *
  2. Antitrust and Competition - The EU Weekly Briefing (7 February 2017) *
  3. Antitrust and competition – the EU weekly briefing (17 November 2014) *
  4. Antitrust and Competition - The EU Weekly Briefing ( 31 May 2016) *
  5. IOC Forced to Open Up Athlete Advertising During Olympics *

If you would like to learn how Lexology can drive your content marketing strategy forward, please email enquiries@lexology.com.

Powered by Lexology

Featured Video

Nathalie Voser
1:17 min

Nathalie Voser

Schellenberg Wittmer

Thought leaders – behind the arbitrator

Watch now

Related topic hubs

  1. CFTC
  2. European Union
  3. USA
  4. Capital Markets
  5. Company & Commercial

Related European Union articles

  1. Privacy & Cybersecurity Update - May 2019 *

Related international articles

  1. OCIE Risk Alert Highlights Risks Associated with Adviser and Broker-Dealer Use of Cloud-Based Storage of Customer Records * - USA
  2. OCIE Warns That Investment Advisers and Broker-Dealers Are Putting Investor Information at Risk * - USA
  3. OCIE Publishes Risk Alert regarding Safeguarding of Customer Information Stored on Cloud and Other Network Storage Solutions * - USA
Martha van den Beld
Legal Counsel
TOTAL Nederland NV
What our clients say

"Lexology is a high quality service; the articles are very relevant and always useful"

Back to Top
  • Terms of use
  • Cookies
  • Disclaimer
  • Privacy policy
  • GDPR compliance
  • RSS feeds
  • Contact
  • Submissions
  • About
  • Login
  • Register
  • Follow on Twitter
  • Search
Globe Business Media Group

© Copyright 2006 - 2019 Globe Business Media Group