Review of legal and regulatory exposure relative to cyber security preparedness.
- Independent Regulatory Agencies (e.g. SEC, FTC, FCC, CFPB, FDIC), FFIEC, FINRA
- Federal statutory (e.g., SOX/GLBA/HIPAA/COPA)
- State statutes (e.g., California data privacy and breach notification)
- Status as a third-party vendor possibly subject to the regulatory authority governing the client/customer (includes services provided to, e.g., banks, communications companies, retailers, among others)
- One hour of advice outlining possible and probable compliance exposure
- One hour of advice highlighting possible compliance obligations (e.g., obligations of Board of Directors to approve of and oversee an information security program, fiduciary duties to shareholders, requirement of a risk management program, requirement of a risk management program, requirement for a robust vendor risk management program, etc.).