In August, the board of the National Futures Association (NFA), a self-regulatory organization for the American derivatives industry, approved new rules for its member firms and requested approval of those rules from the Commodity Futures Trading Commission. The NFA abjured a one-size-fits-all approach, instead prescribing a general framework for each member to tailor to its specific risks. The NFA now requires each member to have a formal written information systems security program, approved at the member’s executive level. The program should contain: a risk analysis, a description of the safeguards deployed, and the process for evaluating the nature of a security breach. The full text of the proposed rules can be found on the NFA’s website.