Nev. Admin. Code § 90.Sec. 10 - NEW
1.
An investment adviser who is licensed or required to be licensed shall
establish, implement, update and enforce written policies and procedures for
physical security and cybersecurity which are reasonably designed to ensure the
confidentiality, integrity and availability of physical and electronic records
and information.
2. The policies
and procedures described in subsection 1 must:
(a) Be tailored to the business model of the
investment adviser, including, without limitation:
(1) The size of the firm;
(2) The type of services provided by the
investment adviser; and
(3) The
number of locations of the investment adviser;
(b) Protect against reasonably anticipated
threats or hazards to the security or integrity of client records and
information;
(c) Ensure that the
investment adviser safeguards confidential client records and
information;
(d) Protect records
and information from any release which could result in harm or inconvenience to
a client;
(e) Develop the
organizational understanding to manage information security risks to systems,
assets, data and capabilities;
(f)
Develop and implement the appropriate safeguards to ensure the delivery of
critical infrastructure services; and
(g) Develop and implement the appropriate
activities to:
(1) Identify the occurrence of
an information security event;
(2)
Take action regarding a detected information security event; and
(3) Maintain plans for resilience and to
restore any capabilities or services that were impaired due to an information
security event.
3. The investment adviser shall:
(a) Review at least annually and modify as
needed, the policies and procedures described in subsection 1 to ensure the
adequacy of the security measures and the effectiveness of their
implementation;
(b) Keep records
relating to any review of the policies and procedures described in paragraph
(a), which must include, without limitation, a summary of any amendments made
as a result of the review; and
(c)
Maintain true, accurate and current:
(1)
Copies of the policies and procedures described in subsection 1, which must be:
(I) Maintained in hard copy; or
(II) Stored on electronic storage media that
is separate from and not dependent upon access to the computers or networks of
the investment adviser;
(2) Records documenting the compliance of the
investment adviser with this section, including, without limitation, evidence
of the annual review of the policies and procedures described in subsection 1;
and
(3) Records of any violation of
this section and any action taken as a result of the violation.
Notes
NRS 90.390, 90.750
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.