New York Policy Statement 101, also known as the New York Financial Services Law, is an administrative rule issued by the New York State Department of Financial Services in 2011. It sets forth the minimum standards for cybersecurity protection for entities regulated by the Department. The Statement is applicable to all New York banking organizations, insurance companies, and other financial services entities. It provides guidance on developing, implementing, and maintaining an effective cybersecurity program and on responding to cybersecurity events. The Statement also requires entities to conduct periodic risk assessments, practice secure software development, and provide timely notification of security incidents. There are three main components of New York Policy Statement 101: Cybersecurity Program Requirements, Cybersecurity Event Reporting, and Third-Party Service Provider Management.