Small Firm Cybersecurity Checklist
Protecting investors means protecting their data, too. Our Small Firm Cybersecurity Checklist supports small firms in establishing a cybersecurity program to:
- Identify and assess cybersecurity threats;
- Protect assets from cyber intrusions;
- Detect when their systems and assets have been compromised;
- Plan for the response when a compromise occurs; and
- Implement a plan to recover lost, stolen or unavailable assets.
This checklist is primarily derived from the National Institute of Standards and Technology (NIST) Cybersecurity Framework and FINRA’s Report on Cybersecurity Practices.
FINRA Compliance Tools Disclaimer
This optional tool is provided to assist member firms in fulfilling their regulatory obligations. This tool is provided as a starting point and you must tailor this tool to reflect the size and needs of your firm. Using this tool does not guarantee compliance with or create any safe harbor with respect to FINRA rules, the federal securities laws or state laws, or other applicable federal or state regulatory requirements. This tool does not create any new legal or regulatory obligations for firms or other entities.
This tool was last updated on September 7, 2023. This tool does not reflect any regulatory changes since that date. FINRA periodically reviews and updates these tools. FINRA reminds member firms to stay apprised of new or amended laws, rules and regulations, and update their WSPs and compliance programs on an ongoing basis.
FINRA's Office of General Counsel (OGC) staff provides broker-dealers, attorneys, registered representatives, investors and other interested parties with interpretative guidance relating to FINRA’s rules. Please see Interpreting the Rules for more information.