The IT Law Wiki


North American Securities Administrators Association, Investment Adviser Information Security and Privacy Rule (May 19, 2019) (full-text).


Every investment adviser registered or required to be registered shall establish, implement, update, and enforce written physical security and cybersecurity policies and procedures reasonably designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information. The policies and procedures must be tailored to the investment adviser's business model, taking into account the size of the firm, type(s) of services provided, and the number of locations of the investment adviser.