Cyber & IT Supervisory Forum - November 2023

APPENDIX: OPTIONAL State Regulator Exam

Your agency has joined a multi-state examination of Acme Mortgage Subservicer in the aftermath of the ransomware attack. The examination is scheduled to be onsite on October 2nd, approximately 120 days after the incident occurred. The exam will evaluate the company's response to the incident and assess the implementation of safeguards to protect against future attacks. In addition, the exam team will review compliance with state (and federal) laws regarding data breach incidents.

** This section is designed to be used as a conclusion to the primary exercise and asks regulatory participants to shift their focus from the company's perspective to that of a regulatory examiner. As this section builds upon the principles contained in the previous portion of the exercise, it is less detailed but provides some specific considerations for examiners interacting with a company in the immediate aftermath of an incident.

Address the following basic areas for additional attention during a post-incident examination.

a. Response to the Incident and After-Incident Documentation
b. Review of the Incident Response Plan
c. Technical Safeguards and Security Measures
d. Employee Training and Awareness