Global cyber services provider Astaara has launched its cyber risk management service in Guernsey, to help local financial services firms meet the new regulations from the Guernsey Financial Services Commission.
The GFSC’s Cyber Security Rules, 2021 were introduced in February, but come into effect on 9th August following a transitional period. Under the guidance and principles, board members must play an active management role and evidence compliance with the rules.
Astaara is able to support boards and senior management, by carrying out risk management reviews and offering attendance at board meetings to evidence continuous cyber enterprise risk management.
“Our Virtual Chief Information Security Officer service will take a huge amount of pressure off boards, ensuring that they are compliant at a fraction of the cost of employing an additional FTE. We can help them prepare for board meetings pertinent to cyber, help them identify compliance gaps, and generate the evidence to prove compliance with the new rules,’ said Astaara’s CEO Robert Dorey (pictured).
“Our VCISO service also gives you access to multiple points of expertise, depending on your needs.”
Under the new rules, all licensees must:
- Be able to provide evidence to the GFSC, on request, that these rules have been considered and implemented in accordance with the size, nature and complexity of the licensee’s business.
- Have in place appropriate policies, procedures and controls to mitigate the risk posed by cyber security events.
- Ensure that any policies, procedures and controls adopted reflect these rules and take into consideration any guidance issued by the Commission
- Adopt the framework for risk management around the NIST model of Identify, Protect, Detect, Respond and Recover.
Astaara is an integrated risk management advisory business incorporating cyber risk advisory and analytics. The senior team has more than 70 years’ experience forged in financial markets in advisory, government, and assurance.