CCO Resource Center: Members’ Cyber-Related Compliance Policies and Procedures

Chief Compliance Officer Committee

Members’ Cyber-Related Compliance Policies and Procedures

During the May 2016 meeting of ICI’s CCO Committee, the members expressed an interest in the Institute collecting members’ compliance policies and procedures related to cybersecurity. Subsequent to the meeting the Institute requested this information from members. The Institute has compiled the policies and procedures we received and grouped them based on whether they relate to data/information security, incident response, or vendors. (We received submissions from approximately 14 member firms.) Within each such subheading, we have organized the policies from the shortest to the longest. (For firms that shared policies and procedures with us that spanned more than one of these areas, we have separated the component parts of their submission to include them in the appropriate area.) We have made every effort to redact any identifying or proprietary information from these documents. We apologize in advance if we failed to completely redact such information. Please do not share this information with anyone outside of your member firm. As additional members share their cyber-related policies and procedures with us, we will add them to this compilation.

• Cyber‐Related Materials: Policies and Procedures Relating to Information/Data Security

The documentation provided by ICI that may be accessed by the CCO Committee members is restricted to members’ use only and not for distribution or reproduction. Documentation may be used internally at member organizations as needed.