Predict, Prevent, & Protect.

CyberGuard360™

Stay resilient against cyber threats with GiGCXOs' cybersecurity audits.

Our solutions adapt to new threats, providing continuous protection and minimizing downtime for your operations.

    • GiGCXOs offers comprehensive cybersecurity and IT audit services to help broker-dealers comply with Regulations S-P and S-ID, which mandate the safeguarding of customer information.

    • Our audits include comprehensive penetration testing and in-depth reviews of the firm’s cybersecurity policies and procedures, as well as an assessment of the firm’s cybersecurity program readiness under the NIST framework.

    • By ensuring your firm’s systems are secure and in line with regulatory standards, we help protect sensitive client data and reduce the risk of cyber threats.

    • Trust GiGCXOs to keep your firm’s cybersecurity robust and compliant with all applicable regulations.

    • Fortifying your digital defenses with comprehensive cybersecurity audits.

    • GiGCXOs' CyberGuard360™ provides your business with a robust cybersecurity audit solution designed to protect against today's most sophisticated digital threats. Our in-depth audits identify vulnerabilities in your systems, networks, and processes, ensuring that your firm is fortified with the highest level of security.

    • With a team of seasoned cybersecurity experts, CyberGuard360™ offers tailored assessments to meet regulatory requirements and safeguard your critical assets. Stay ahead of cyber risks, protect your data, and maintain the trust of your clients with CyberGuard360™, your ultimate defense against cyber attacks.

Learn More About New Amendments to Regulation S-P
For Regulated Firms.

    • The amendments update the rules’ requirements for broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents (collectively, “covered institutions”).

    • Requiring covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information;

    • Requiring that the response program include procedures for covered institutions to provide timely notification to affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization; and

    • Broadening the scope of information covered by Regulation S-P's requirements to include:

      • to cover both nonpublic personal information that a covered institution collects about its own customers and nonpublic personal information it receives from another financial institution about customers of that financial institution

      • to make and maintain written records documenting compliance with the requirements of the safeguards rule and disposal rule

      • Conform Regulation S-P’s annual privacy notice delivery provisions to the terms of an exception added by the FAST Act

      • Extend both the safeguards rule and the disposal rule to transfer agents registered with the Commission or another appropriate regulatory agency

    • Create an Incident Response Program

      • The amendments require an incident response program to be reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.

      • The incident response program must include procedures to assess the nature and scope of any such incident and to take appropriate steps to contain and control such incidents to prevent further unauthorized access or use.

      • The amendments also require the incident response program to include the establishment, maintenance, and enforcement of written policies and procedures reasonably designed to require oversight, including through due diligence and monitoring, of service providers.

    • Develop a Customer Notification Program

      • The amendments require a covered institution to provide the notice as soon as practicable, but not later than 30 days, after becoming aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred, except under certain limited circumstances.

      • The notices must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves.

      • A covered institution is not required to provide the notification if it determines that the sensitive customer information has not been, and is not reasonably likely to be, used in a manner that would result in substantial harm or inconvenience.

    • Large Firms must be ready by December 3, 2025

    • Small Firms must be ready by June 3, 2026

    • A Large Firm is considered one of the following:

      • Investment companies, along with other investment entities within the same related group, whose combined net assets reach $1 billion or more at the conclusion of the most recent fiscal year.

      • Registered investment advisers: $1.5 billion or more in assets under management.

      • Broker-dealers:

        • (i) with more than $500,000 in total capital on the date of the prior fiscal year; and

        • (ii) is affiliated with any person that is not a large broker-dealer.

      • A transfer agent is a large entity if it: (i) received more than 500 items for transfer and more than 500 items for processing during the preceding six months; (ii) transferred items of issuers that are large entities; (iii) maintained master shareholder files that in the aggregate contained more than 1,000 shareholder accounts or was the named transfer agent for more than 1,000 shareholder accounts at all times during the preceding fiscal year; and (iv) is affiliated with any person that is a large entity.
