The adoption of new laws governing the handling of private data, such as the New York SHIELD Act, is making the job of risk and compliance managers more complicated than ever. To address these challenges,™ has expanded CyMetric™, its cyber-compliance software-as-a-service platform, to include SHIELD compliance as well as several other data privacy and security regulations impacting health care, financial services, education and other markets.

CyMetric maps the requirements of multiple regulations across an organization, consolidating them into a single program. The software automatically creates a legally compliant set of policies with the procedures necessary for implementation. was formed by Harris Beach PLLC, one of the country’s top law firms according to The National Law Journal.

In addition to the New York SHIELD Act for data privacy and security, signed into law by Gov. Andrew Cuomo in July, the new regulations mapped into CyMetric include:

  • Health Insurance Portability and Accountability Act of 1996, or HIPAA
  • New York Department of Financial Services Cybersecurity Regulation (23 NYCRR 500)
  • General Data Protection Regulation (GDPR), the European Union’s signature privacy law
  • New York Education Law 2-d and 8 NYCRR Part 121
  • New York State Department of Health Office of Health Information Programs
  • Defense Federal Acquisition Regulation Supplement (DFARS) Cybersecurity Requirements
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
  • North American Electric Reliability Corporation (NERC) CIP-013-1, to insure data integrity and cyber security in the nation’s bulk electric system supply chain

Additional regulations to be added shortly include the California Consumer Privacy Act, the Canadian Consumer Privacy and Health Care Privacy Acts and the SOC-2 control set for security certifications.

“In response to widespread concerns about privacy, governments and industries are taking decisive steps to enact rules and create standards designed to keep our data safe,” said Alan Winchester, chief development officer of Caetra and a partner at Harris Beach PLLC. “As a result, the role of the compliance officer and risk manager has become significantly more challenging, requiring attention to countless details and the monitoring of numerous controls. CyMetric simplifies the challenge of making sure all regulations are being followed and the data defended, while saving time and money and adding peace of mind.”

CyMetric also provides a mechanism for customers to assess, measure and demonstrate progress on compliance programs, allowing users to see in real time how the organization is performing against requirements.

About Caetra
Caetra is a software company and developer of CyMetric, the cloud-based data privacy and data security compliance tool that unifies disparate regulations into one single, legally-vetted compliance program. As a wholly-owned subsidiary of Harris Beach, Caetra draws upon both the insight of regulatory experts and the advice of attorneys from a national law firm to identify organizations’ individual compliance needs, map them to evolving regulations and assist them in continually assessing their program – providing stakeholders a clear snapshot of their cybersecurity compliance program.