On August 7, 2017, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert detailing examiners’ latest findings regarding cybersecurity. During OCIE’s Cybersecurity 2 Initiative, examiners focused on firms’ written policies and procedures relating to cybersecurity and how they were validated and tested. In this article from Practical Compliance and Risk Management for the Securities Industry, Les Abromovitz explores the best practices for cybersecurity policies and procedures that firms are implementing.