The DFS Secure Portal is now accepting the filing of Notice of Limited Exemption, as cited in § 500.19 of 23 NYCRR 500.

Here is a link to the Portal - https://myportal.dfs.ny.gov/web/cybersecurity/

COMPLIANCE TIMELINE

FOR COVERED ENTITIES WHO MEET THE LIMITED EXEMPTION REQUIREMENTS (§ 500.22)

March 1, 2017 - Effective Date of Regulations

August 28, 2017 - Transitional Period ends – compliance requirement begins for most provisions of the regulation (§500.22)

February 15, 2018 - Notice of exception must be  filed with the DFS (and each year thereafter on 2/15) (§500.17)

March 1, 2018 – Risk Assessment to be completed (§ 500.09)

August 30, 2018 – Policy must be in place for periodic disposal of NPI (§ 500.13)

March 1, 2019 - Develop a Third Party Service Provider Security Policy (§500.11)