The Heffner Agency Inc.
The Heffner Agency Inc.
Home
About
Partners
Join
Payments
Connect
Resources
Homeowner FAQ
Brochures
Forms Accord
Forms Claims
Forms Andover
Forms Harleysville
Forms Quincy
Forms Utica
Cyber
Home
About
Partners
Join
Payments
Connect
Resources
Homeowner FAQ
Brochures
Forms Accord
Forms Claims
Forms Andover
Forms Harleysville
Forms Quincy
Forms Utica
Cyber
Please fill out all fields and submit.
*
Indicates required field
Name
*
First
Last
Email
*
Your Heffner Agency Code
*
Have you filed your annual certificate of compliance with the NYS Department of Financial Services?
*
No
Yes
Do you qualify for any exemptions under the NYS Cybersecurity Regulation (23 NYCRR 500)? If so, please select from the applicable exemptions below.
*
N/A – I do not qualify for any exemptions under the NYS Cybersecurity Regulation (23 NYCRR 500) 500.19(a)(1) – You are entitled to this exemption when a Covered Entity has fewer than 20 employees, including independent contractors.
500.19(a)(1) – You are entitled to this exemption when a Covered Entity has fewer than 20 employees, including independent contractors.
500.19(a)(2) – You are entitled to this exemption when a Covered Entity has less than $7,500,000 in gross annual revenue in each of the last 3 fiscal years from NY business.
500.19(a)(3) – You are entitled to this exemption when a Covered Entity has less than $15,000,000 in year-end total assets.
500.19(b) – You are entitled to this exemption when you are an employee, agent, representative or designee of another Covered Entity and you are following that entity’s cybersecurity program.
500.19(c) – You are entitled to this exemption if you are a Covered Entity that does not utilize an Information System and that does not, and is not required to, directly or indirectly control, own, access, generate, receive or possess Nonpublic Information.
500.19(d) – A captive insurance company that does not control nonpublic information other than information relating to its corporate parent company.
Do you comply with the current published cyber/data security 23 NYCRR 500 (NYS Cybersecurity Regulation)
*
No
Yes
Are your computers located in a secure physical location?
*
No
Yes
Is access to computers controlled by complex passwords?
*
No
Yes
Is your Wi-Fi network secured with a complex password that is changed regularly?
*
No
Yes
Do you use an (up-to-date) anti-virus/malware solution on all computers and servers?
*
No
Yes
Do you regularly check for and install Operating System and software updates?
*
No
Yes
Is all sensitive data encrypted at rest?
*
No
Yes
For all remote connections, do you require multifactor authentication (MFA)? (6 Points) This includes access to cloud environments and applications.
*
No
Yes
Do you have documented security policies and procedures that are distributed to all employees?
*
No
Yes
Do you assess the security controls and compliance of your third-party providers at least annually?
*
No
Yes
N/A Not Used
Do you require annual security awareness training for your employees?
*
No
Yes
Do you have a formal risk & incident process in place, including procedures for notifying external entities of applicable security incidents?
*
No
Yes
Is access to data based on employee qualification tiers?
*
No
Yes
Are physical security controls such as locks, cameras and barriers to entry implemented to protect computers and other IT assets?
*
No
Yes
Are additional access controls in place for people using privileged administrative accounts?
*
No
Yes
Do you review information system accounts and privileges at least quarterly?
*
No
Yes
Do you periodically perform vulnerability testing?
*
No
Yes
Is your network monitored for security events?
*
No
Yes
Do you have a formal Disaster Recovery/Business Continuity Plan in place?
*
No
Yes
Do you have documented data backup and restoration procedures that encompass both full and incremental backups of data?
*
No
Yes
Additional Cyber related Comments and/or Concerns?
*
Note: An answer to any question left blank or checked both Yes & No is considered a "No" response.
No binding, claims, or coverage changes can be submitted via this website or voice/voicemail contact.
Disclaimer
Submit