In this video, we will discuss the essential items that the SEC expects SEC-registered firms to cover in their policies and procedures manual.
One crucial aspect that the commission looks for is how you manage user access rights. It is vital to ensure that employees only have access to the systems they need to perform their specific roles. This prevents unauthorized access and maintains data integrity.
Protecting sensitive information is another critical factor that the SEC focuses on.
Cybersecurity and threat vulnerability management solutions are also areas of interest for the SEC. It is crucial to have a robust plan in place to respond to and recover from cyber events such as attacks and prolonged internet outages.
In addition, it is important to include your annual risk and threat assessment reports, providing a comprehensive overview of potential risks and threats faced by your firm. Furthermore, outlining an employee cybersecurity training program is paramount. If you do not already have a program in place, we highly recommend considering our training program called Fieldcraft. It can be set up in less than 10 minutes and is available for free for firms with fewer than 10 employees.
By addressing these points in your policies and procedures manual, you will demonstrate your commitment to regulatory compliance and strengthen your firm’s cybersecurity posture.