The National Futures Association, the U.S. futures industry’s self-regulatory organization, has drafted standards that all NFA members will need to apply in protecting themselves from the risk of unauthorized access or attacks on their information systems.
NFA stressed that members have a supervisory obligation to assess and prioritize the risks associated with the use of its information technology systems. The release suggests members should inventory critical information technology, identify significant internal and external threats and deploy protective measures.
NFA also stressed, however, that the requirements need to be flexible given the differences in the size, complexity and type of operations across its membership. The notice accordingly sets general requirements but leaves it up to each member to determine the exact form of their information systems security programs.
