Last modied: February 11, 2019 4:00 PM
BigINY.org/cybe r
Copyright © 2019 Big I New York
THIRD PARTY SERVICE PROVIDER
QUESTIONNAIRE
Are you a covered entity under the NYS Cybersecurity Regulation (23 NYCRR 500)? (i.e., do
you hold any license issued by the NYS Department of Financial Services?)
Yes
No
If you are a covered entity, have you filed your annual certificate of compliance with the NYS
Department of Financial Services?
Yes
No
N/A
If you are a covered entity, please select any exemptions you qualify for:
500.19 (a 1, 2, &/or 3) Limited Exemption
500.19 (b) Employee, agent, or representative of a covered entity
500.19 (c) Do not directly or indirectly maintain, utilize, control, or operate any information systems
500.19 (d) Covered entity under Article 70 of the NYS Insurance Law (captive insurance company)
500.19 (f) Subject to NYS Insurance law section 1110 (charitable annuity society), section 5904 (risk
retention group not chartered in NY), or are an accredited reinsurer pursuant to 11 NYCRR 125
(reinsurer)
Do you comply with any existing published cyber/data security standards? If so, please select all that apply.
23 NYCRR 500 (NYS Cybersecurity Regulation)
ISO/IEC 27000 family of standards (International Organization for Standardization)
SOC2/3 and/or SOC for cybersecurity (method to keep data secure)
NIST 7621r1 (small business information security fundamentals)
NIST CSF (government cybersecurity framework)
OWASP (Open Web Application Security Project)
GDPR (European data protection regulation)
Other
Have you undergone a cybersecurity/vulnerability audit? If so, when and by whom?
Yes
No
Enty
Name & Title of Organizaon Senior Ocer
Name of Organizaon Cybersecurity/Technology Contact
Email Phone
CMS, LLC
Michael Raab, CFO/COO
Michael Raab
Hi-Tek Data services
mraab@cmsrisk.com
631-465-9740
Last modied: February 11, 2019 4:00 PM
BigINY.org/cybe r
Copyright © 2019 Big I New York
Do you encrypt data in transit?
If yes, please list encryption technology/tool used.
Yes
No
Do you encrypt data at rest (stored data)?
If yes, please list encryption technology/tool used.
Yes
No
Do you employ access controls and policies designed to limit access to relevant information
systems and Nonpublic Information [1]?
If yes, please briefly describe.
Yes
No
Do you use multi-factor authentication or risk-based authentication to protect against
unauthorized access to your Nonpublic Information (multiple passwords and codes to access
the network)?
Yes
No
Do you have policies and procedures in place to notify our organization in the event of a
cybersecurity event [2] directly impacting our information systems or Nonpublic Information?
If yes, please briefly describe.
Yes
No
Click here to attest that the above is true and accurate to the best of your knowledge.
Name & Title of person completing form
Date
1. Denion of NPI: Nonpublic Informaon shall mean all electronic informaon that is not Publicly Available Informaon and is: (1) Business-related
informaon of a Covered Enty the tampering with which, or unauthorized disclosure, access or use of which, would cause a material adverse
impact to the business, operaons or security of the Covered Enty; (2) Any informaon concerning an individual, which because of name, number,
personal mark, or other idener can be used to idenfy such individual, in combinaon with any one or more of the following data elements: (i)
social security number, (ii) driver’ license number or non-driver idencaon card number, (iii) account number, credit or debit card number, (iv) any
security code, access code or password that would permit access to an individual’s nancial account, or (v) biometric records; (3) Any informaon
or data, except age or gender, in any form or medium created by or derived from a health care provider or an individual and that relates to (i) the
past, present or future physical, mental or behavioral health or condion of any individual or a member of the individual’s family, (ii) the provision of
health care to any individual, or (iii) payment for the provision of health care to any individual.
2. Denion of cybersecurity event: Any act or aempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse an Informaon
System or informaon stored on such Informaon System.
DISCLAIMER:
Big I New York is providing this sample questionnaire solely as a tool to assist agencies, brokerages, and organizations in assessing the third party service
providers you work with. This sample questionnaire is not a substitute for agencies, brokerages, and organizations independently evaluating any business,
legal or other issues, and is not a recommendation that a particular course of action be adopted. State security breach notification and privacy laws, coupled
with insurance laws and regulations, impose varying requirements on agencies, brokerages, or organizations. Therefore, it is extremely important for agencies,
brokerages, and organizations to carefully review applicable laws and regulations in all jurisdictions where they do business in structuring their specific security
policies and processes. We have worked from the requirements in New York Regulation 23 NYCRR 500 in formulating this sample questionnaire, because
the New York regulation imposes some of the most specific requirements. If specific advice is required or desired, the services of an appropriate, competent
professional should be sought. Any agencies, brokerages, or organizations that use this sample questionnaire agree that Big I NY will have no liability for
anything related to the use of this tool or any issues that may arise related to the decisions that you make or the policy that is developed.
ACCESS IS ONLY PROVIDED TO THOSE WHO NEED IT FOR THEIR JOBS
YES WRITTEN CYBERSECURITY PROCEDURES ARE IN PLACE AND UPON BECOMING AWARE OF ANY BREACH THAT MAY HAVE IMPACTED YOUR NPI WE WILL PROVIDE YOU WITH NOTICE
X
Michael Raab
03/01/2019