• Login
  • Register
  • PRO
    • PRO Compliance plan
    • PRO Compliance
    • PRO subscription plans
    • Curated articles
    • In-depth
    • Market intelligence
    • Practice guides
    • PRO Reports New
    • Lexology GTDT
    • Ask Lexy
  • PRO
  • Latest
  • GTDT
  • Research
  • Learn
  • Experts
  • Store
  • Blog
  • Events
  • Popular
  • Influencers
  • About
  • Explore
  • Legal Research
  • Primary SourcesBeta
  • PRO Compliance

Introducing PRO Compliance
The essential resource for in-house professionals

  • Compare
  • Topics
  • Interviews
  • Guides
Getting The Deal Through joins Lexology
GTDT and Lexology Navigator have merged

CONTENT DEVELOPMENT

Become your target audience’s go-to resource for today’s hottest topics.

  • Trending Topics New
  • Discover Content
  • Horizons Beta
  • Ideation

CLIENT INTELLIGENCE

Understand your clients’ strategies and the most pressing issues they are facing.

  • Track Sectors
  • Track Clients
  • Mandates New
  • Discover Companies
  • Reports Centre New

COMPETITOR INTELLIGENCE

Keep a step ahead of your key competitors and benchmark against them.

  • Benchmarking
  • Competitor Mandates New

Lexology PRO

Power up your legal research with modern workflow tools, AI conceptual search and premium content sets that leverage Lexology's archive of 900,000+ articles contributed by the world's leading law firms. 

PRO Compliance plan
PRO subscription plans

Premium content

  • Curated articles
  • In-depth
  • Market intelligence
  • Practice guides
  • PRO Reports New

Analysis tools

  • Lexology GTDT
  • Ask Lexy
Explore all PRO content PRO Compliance
  • Find experts
  • About
  • Firms
Introducing Instruct Counsel
The next generation search tool for finding the right lawyer for you.
Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like
  • Instruct

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Register now for your free, tailored, daily legal newsfeed service.

Questions? Please contact [email protected]

Register

Financial Services Update, vol.14, issue 21.

Winston & Strawn LLP

To view this article you need a PDF viewer such as Adobe Reader. Download Adobe Acrobat Reader

If you can't read this PDF, you can view its text here. Go back to the PDF .

European Union, USA June 3 2019

OCIE Issues Risk Alert Regarding the Safeguarding of Customer Records and Information in Network Storage

On May 23, 2019, the Office of Compliance Inspections and Examinations (“OCIE”) of the SEC issued a risk alert (the “Risk Alert”) to provide investment advisers and broker-dealers with information regarding common deficiencies in recent examinations with respect to security risks associated with the storage of electronic customer records and information in various network-storage solutions, including the electronic storage of information on infrastructure owned and operated by a hosting company or service provider (“cloud storage”). According to the Risk Alert, OCIE examiners identified the following concerns that may raise compliance issues under Regulations S-P and S-ID:

  • Misconfigured network storage solutions. In some cases, firms did not adequately configure settings on their network storage solution to prevent unauthorized access or did not have policies and procedures addressing the security configuration of their network storage solution.
  • Inadequate oversight of vendor-provided network storage solutions. In some cases, firms did not implement policies, procedures, or contractual provisions to appropriately configure security settings on vendor-provided network storage solutions.

  • Insufficient data-classification policies and procedures. In some cases, firms’ policies and procedures did not appropriately identify the different types of data stored electronically by the firm and the appropriate controls for each type of data.

In addition, the Risk Alert lists several features of effective configuration-management programs, data-classification procedures, and vendor-management programs observed by OCIE, including:

  • Policies and procedures designed to support the installation, maintenance, and review of the network storage solution;

  • Guidelines for security controls and baseline security configuration standards; and

  • Vendor management policies and procedures that address regular software patch and hardware updates and review.

Feature:ESMA Regulatory Developments

 

 

Winston & Strawn LLP - Jacqueline P. Hu and Basil V. Godellas
Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like
  • Instruct

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Filed under

  • European Union
  • USA
  • Banking
  • Capital Markets
  • Company & Commercial
  • Derivatives
  • IT & Data Protection
  • Winston & Strawn LLP

Tagged with

  • CFTC
  • ESMA

Popular articles from this firm

  1. Europe, Facebook, and WhatsApp Users *
  2. The Main Trade Provisions of the UK-EU Trade and Cooperation Agreement *
  3. The UK-EU Trade and Cooperation Agreement: Tax Implications *
  4. Key Dispute Resolution Considerations for In-House Counsel *
  5. Key Dispute Resolution Considerations for In-House Counsel *

If you would like to learn how Lexology can drive your content marketing strategy forward, please email [email protected].

Powered by Lexology
loading...

Related topic hubs

  1. CFTC
  2. European Union
  3. USA
  4. Capital Markets
  5. Derivatives

Related European Union articles

  1. Privacy & Cybersecurity Update - May 2019 *

Related international articles

  1. OCIE Risk Alert Highlights Risks Associated with Adviser and Broker-Dealer Use of Cloud-Based Storage of Customer Records * - USA
  2. OCIE Warns That Investment Advisers and Broker-Dealers Are Putting Investor Information at Risk * - USA
  3. OCIE Publishes Risk Alert regarding Safeguarding of Customer Information Stored on Cloud and Other Network Storage Solutions * - USA
Gee Yung Loong
Senior Director
McAfee Inc
What our clients say

"I think it is a great service, continue the good work."

Back to Top
  • Terms of use
  • Cookies
  • Disclaimer
  • Privacy policy
  • GDPR compliance
  • RSS feeds
  • Contact
  • Submissions
  • About
  • Login
  • Register
  • Follow on Twitter
  • Search
Law Business Research

© Copyright 2006 - 2021 Law Business Research