Current through December 12, 2024
1. An investment adviser who is licensed or required to be licensed shall establish, implement, update and enforce written policies and procedures for physical security and cybersecurity which are reasonably designed to ensure the confidentiality, integrity and availability of physical and electronic records and information.2. The policies and procedures described in subsection 1 must: (a) Be tailored to the business model of the investment adviser, including, without limitation: (1) The size of the firm;(2) The type of services provided by the investment adviser; and(3) The number of locations of the investment adviser;(b) Protect against reasonably anticipated threats or hazards to the security or integrity of client records and information;(c) Ensure that the investment adviser safeguards confidential client records and information;(d) Protect records and information from any release which could result in harm or inconvenience to a client;(e) Develop the organizational understanding to manage information security risks to systems, assets, data and capabilities;(f) Develop and implement the appropriate safeguards to ensure the delivery of critical infrastructure services; and(g) Develop and implement the appropriate activities to:(1) Identify the occurrence of an information security event;(2) Take action regarding a detected information security event; and(3) Maintain plans for resilience and to restore any capabilities or services that were impaired due to an information security event.3. The investment adviser shall: (a) Review at least annually and modify as needed, the policies and procedures described in subsection 1 to ensure the adequacy of the security measures and the effectiveness of their implementation;(b) Keep records relating to any review of the policies and procedures described in paragraph (a), which must include, without limitation, a summary of any amendments made as a result of the review; and(c) Maintain true, accurate and current:(1) Copies of the policies and procedures described in subsection 1, which must be: (I) Maintained in hard copy; or(II) Stored on electronic storage media that is separate from and not dependent upon access to the computers or networks of the investment adviser;(2) Records documenting the compliance of the investment adviser with this section, including, without limitation, evidence of the annual review of the policies and procedures described in subsection 1; and(3) Records of any violation of this section and any action taken as a result of the violation.Nev. Admin. Code § 90.Sec. 10
Added to NAC by Sec'y of State by R018-21A, eff. 6/2/2023