Small Firm Cybersecurity Checklist

Protecting investors means protecting their data, too. Our Small Firm Cybersecurity Checklist supports small firms in establishing a cybersecurity program to:

  • Identify and assess cybersecurity threats;
  • Protect assets from cyber intrusions;
  • Detect when their systems and assets have been compromised;
  • Plan for the response when a compromise occurs; and
  • Implement a plan to recover lost, stolen or unavailable assets.

This checklist is primarily derived from the National Institute of Standards and Technology (NIST) Cybersecurity Framework and FINRA’s Report on Cybersecurity Practices.

FINRA Compliance Tools Disclaimer
This optional tool is provided to assist member firms in fulfilling their regulatory obligations. This tool is provided as a starting point and you must tailor this tool to reflect the size and needs of your firm. Using this tool does not guarantee compliance with or create any safe harbor with respect to FINRA rules, the federal securities laws or state laws, or other applicable federal or state regulatory requirements. This tool does not create any new legal or regulatory obligations for firms or other entities.

Updates
This tool was last reviewed and updated, as needed, on February 21, 2024. This tool does not reflect any regulatory changes since that date. FINRA periodically reviews and updates these tools. FINRA reminds member firms to stay apprised of new or amended laws, rules and regulations, and update their WSPs and compliance programs on an ongoing basis.

Member firms seeking additional guidance on certain regulatory obligations should review the Cybersecurity Topic Page and any relevant FINRA Topic Pages.

Staff Contact(s)
FINRA's Office of General Counsel (OGC) staff provides broker-dealers, attorneys, registered representatives, investors and other interested parties with interpretative guidance relating to FINRA’s rules. Please see Interpreting the Rules for more information.

OGC Staff Contacts
Phil Shaikun and Carrie Jordan
1700 K Street, NW
Washington, DC 20006
(202) 728-8000

Download the Cybersecurity Checklist