Thornton & Associates wanted to let you know that FINRA announced a new contact name in your FINRA Contact Questionnaire titled Chief Information Security Officer (CISO).

The CISO role is defined as:

“Person at your firm responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets and technologies are adequately protected, or person closest to that role.”

The rules for identifying the CISO role are as follows:

1. Your firm is not required to list an individual on the FINRA contact questionnaire. It is voluntary and the decision to list an individual is completely at your discretion. If you would like us to identify a CISO on the questionnaire we would be happy to do so. It is our position that identifying a CISO will not help or hurt you from a regulatory perspective.

2. If you choose to identify a CISO, that individual is not required to hold a principal designation with the firm;

3. If you decide to list a CISO, only one person can be listed. This differs from other positions listed in the FINRA Contact Questionnaire which require both a primary and secondary contact; and

4. The CISO is not included in the Annual Contact Questionnaire review and update.

Please feel free to contact us at (626) 356-0200 if you have any questions.