• PRO
  • Events
  • About Blog Popular
  • Login
  • Register
  • PRO
  • Resources
    • Latest updates
    • Q&A
    • In-depth
    • In-house view
    • Practical resources
    • FromCounsel New
    • Commentary
  • Research tools
    • Global research hub
    • Lexy
    • Primary sources
    • Scanner
    • Research reports
  • Resources
  • Research tools
  • Learn
    • All
    • Webinars
    • Videos
  • Learn
  • Experts
    • Find experts
    • Influencers
    • Client Choice New
    • Firms
    • About
    Introducing Instruct Counsel
    The next generation search tool for finding the right lawyer for you.
  • Experts
  • My newsfeed
  • Events
  • About
  • Blog
  • Popular
  • Find experts
  • Influencers
  • Client Choice New
  • Firms
  • About
Introducing Instruct Counsel
The next generation search tool for finding the right lawyer for you.
  • Compare
  • Topics
  • Interviews
  • Guides

Analytics

Review your content's performance and reach.

  • Analytics dashboard
  • Top articles
  • Top authors
  • Who's reading?

Content Development

Become your target audience’s go-to resource for today’s hottest topics.

  • Trending Topics
  • Discover Content
  • Horizons
  • Ideation

Client Intelligence

Understand your clients’ strategies and the most pressing issues they are facing.

  • Track Sectors
  • Track Clients
  • Mandates
  • Discover Companies
  • Reports Centre

Competitor Intelligence

Keep a step ahead of your key competitors and benchmark against them.

  • Benchmarking
  • Competitor Mandates
Home

Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like
  • Instruct

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Register now for your free, tailored, daily legal newsfeed service.

Questions? Please contact [email protected]

Register

Financial Services Update, vol.14, issue 21.

Winston & Strawn LLP

To view this article you need a PDF viewer such as Adobe Reader. Download Adobe Acrobat Reader

If you can't read this PDF, you can view its text here. Go back to the PDF .

European Union, USA June 3 2019

OCIE Issues Risk Alert Regarding the Safeguarding of Customer Records and Information in Network Storage

On May 23, 2019, the Office of Compliance Inspections and Examinations (“OCIE”) of the SEC issued a risk alert (the “Risk Alert”) to provide investment advisers and broker-dealers with information regarding common deficiencies in recent examinations with respect to security risks associated with the storage of electronic customer records and information in various network-storage solutions, including the electronic storage of information on infrastructure owned and operated by a hosting company or service provider (“cloud storage”). According to the Risk Alert, OCIE examiners identified the following concerns that may raise compliance issues under Regulations S-P and S-ID:

  • Misconfigured network storage solutions. In some cases, firms did not adequately configure settings on their network storage solution to prevent unauthorized access or did not have policies and procedures addressing the security configuration of their network storage solution.
  • Inadequate oversight of vendor-provided network storage solutions. In some cases, firms did not implement policies, procedures, or contractual provisions to appropriately configure security settings on vendor-provided network storage solutions.

  • Insufficient data-classification policies and procedures. In some cases, firms’ policies and procedures did not appropriately identify the different types of data stored electronically by the firm and the appropriate controls for each type of data.

In addition, the Risk Alert lists several features of effective configuration-management programs, data-classification procedures, and vendor-management programs observed by OCIE, including:

  • Policies and procedures designed to support the installation, maintenance, and review of the network storage solution;

  • Guidelines for security controls and baseline security configuration standards; and

  • Vendor management policies and procedures that address regular software patch and hardware updates and review.

Feature:ESMA Regulatory Developments

 

 

Winston & Strawn LLP - Jacqueline P. Hu and Basil V. Godellas

Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like
  • Instruct

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Filed under

  • European Union
  • USA
  • Banking
  • Capital Markets
  • Company & Commercial
  • Derivatives
  • IT & Data Protection
  • Winston & Strawn LLP

Organisations

  • Commodity Futures Trading Commission (USA)
  • European Securities and Markets Authority

Popular articles from this firm

  1. 2020: The Year of EU Regulation of Crypto-Assets? *
  2. Antitrust and competition–the EU weekly briefing, vol. 1, issue 36 *
  3. Antitrust and competition – the EU weekly briefing (10 August 2015) *
  4. Antitrust and competition – the EU weekly briefing *
  5. Antitrust and competition - the EU weekly briefing (15 December 2015) *

If you would like to learn how Lexology can drive your content marketing strategy forward, please email [email protected].

Powered by Lexology

Related practical resources PRO

  • Checklist Checklist: Remote working - minimising cybersecurity risks (UK)
  • Checklist Checklist: When and how to appoint a data protection officer (UK)
  • Checklist Checklist: Data subject access rights under the GDPR (UK)

Related research hubs

  • Commodity Futures Trading Commission (USA)
  • USA
  • European Union
  • Derivatives
  • Banking
Back to Top
Resources
  • Daily newsfeed
  • Commentary
  • Q&A
  • Research hubs
  • Learn
  • In-depth
  • Lexy: AI search
Experts
  • Find experts
  • Legal Influencers
  • Firms
  • About Instruct Counsel
More
  • About us
  • Blog
  • Events
  • Popular
Legal
  • Terms of use
  • Cookies
  • Disclaimer
  • Privacy policy
Contact
  • Contact
  • RSS feeds
  • Submissions
 
  • Login
  • Register
  • Follow on Twitter
  • Follow on LinkedIn

© Copyright 2006 - 2022 Law Business Research

Law Business Research