Organizations have a lot of work to complete by February 15, 2018. Those that can't make that deadline have limited options, but there are approaches they can try.
It's possible to obtain exemption from some of the regulation’s requirements.
The actual drafting of the program should be done in steps. It becomes another plan for the organization, comparable to sales, marketing and other plans that collectively drive the business and shape the work environment.
Simply working in chronological order based on compliance dates may not be the best way to start.
Several years of preparation became reality when the New York Department of Financial Services introduced its first-in-the nation cybersecurity regulation in 2017 covering agents and brokers among other financial services providers and professionals.