NY SHIELD Act Compliance Readiness Calculator
Evaluate your organization's compliance readiness with the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act by scoring your current security program across administrative, technical, and physical safeguard categories.
### Organization Profile
Number of Employees
Estimated NY Residents' Records Held
Industry Sector
Options: Healthcare; Finance / Banking; Retail / E-Commerce; Technology / SaaS; Education; Nonprofit; Other
### Administrative Safeguards (35% weight)
Risk Assessment Program (0 = None, 1 = Informal, 2 = Documented, 3 = Reviewed Annually)
Written Information Security Policy (0 = None, 1 = Draft, 2 = Approved, 3 = Enforced & Updated)
Employee Security Training (0 = None, 1 = Ad Hoc, 2 = Annual, 3 = Role-Based & Tracked)
Third-Party Vendor Management (0 = None, 1 = Informal, 2 = Contracts Only, 3 = Full Due Diligence)
Incident Response Plan (0 = None, 1 = Draft, 2 = Tested Once, 3 = Regularly Tested)
### Technical Safeguards (40% weight)
Encryption at Rest (0 = None, 1 = Partial, 2 = Most Systems, 3 = All Sensitive Data)
Encryption in Transit (0 = None, 1 = Partial, 2 = Most Systems, 3 = All Channels)
Access Controls & MFA (0 = None, 1 = Passwords Only, 2 = Role-Based, 3 = MFA + Least Privilege)
Security Monitoring & Logging (0 = None, 1 = Basic Logs, 2 = SIEM, 3 = 24/7 Monitoring)
Vulnerability Management (0 = None, 1 = Annual Scan, 2 = Quarterly, 3 = Continuous)
Secure Data Disposal (0 = None, 1 = Ad Hoc, 2 = Policy Exists, 3 = Verified & Documented)
### Physical Safeguards (25% weight)
Physical Access Controls (0 = None, 1 = Locks Only, 2 = Keycard, 3 = Keycard + Logging)
Device & Media Security (0 = None, 1 = Informal, 2 = Inventory Tracked, 3 = Encrypted + Tracked)
Workstation Use Policy (0 = None, 1 = Informal, 2 = Written, 3 = Enforced & Audited)
Visitor & Contractor Controls (0 = None, 1 = Sign-In, 2 = Escorted, 3 = Logged + Badged)
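```javascript
// Script behind the calculator form. The HTML markup inside the string literals
// and two spans of logic (input validation; risk, effort and cost calculation)
// were lost in extraction. They are rebuilt from the Formula section below and
// marked "reconstructed". Everything written to innerHTML is a number or a
// fixed string defined by the page.
function nyCalc() {
  var errors = [];
  var values = {};
  var resultEl = document.getElementById('ny-result');

  var employees = parseFloat(document.getElementById('ny-employee-count').value);
  var dataSubjects = parseFloat(document.getElementById('ny-data-subjects').value);
  var industry = document.getElementById('ny-industry').value;

  // Reconstructed: profile validation (original messages lost).
  // employees >= 1 keeps log10(employees) defined in the effort formula.
  if (isNaN(employees) || employees < 1) {
    errors.push("Number of Employees must be at least 1.");
  }
  if (isNaN(dataSubjects) || dataSubjects < 0) {
    errors.push("Estimated NY Residents' Records Held must be 0 or more.");
  }
  if (!industry) {
    errors.push("Select an Industry Sector.");
  }

  // Reconstructed: field list, using the ids from the scoring code and the
  // labels from the form.
  var fields = [
    { id: 'ny-risk-assessment', label: 'Risk Assessment Program' },
    { id: 'ny-security-policy', label: 'Written Information Security Policy' },
    { id: 'ny-employee-training', label: 'Employee Security Training' },
    { id: 'ny-vendor-management', label: 'Third-Party Vendor Management' },
    { id: 'ny-incident-response', label: 'Incident Response Plan' },
    { id: 'ny-encryption-rest', label: 'Encryption at Rest' },
    { id: 'ny-encryption-transit', label: 'Encryption in Transit' },
    { id: 'ny-access-controls', label: 'Access Controls &amp; MFA' },
    { id: 'ny-monitoring', label: 'Security Monitoring &amp; Logging' },
    { id: 'ny-vulnerability', label: 'Vulnerability Management' },
    { id: 'ny-data-disposal', label: 'Secure Data Disposal' },
    { id: 'ny-physical-access', label: 'Physical Access Controls' },
    { id: 'ny-device-security', label: 'Device &amp; Media Security' },
    { id: 'ny-workstation-policy', label: 'Workstation Use Policy' },
    { id: 'ny-visitor-controls', label: 'Visitor &amp; Contractor Controls' }
  ];
  fields.forEach(function (f) {
    var v = parseFloat(document.getElementById(f.id).value);
    if (isNaN(v) || v < 0 || v > 3 || Math.floor(v) !== v) {
      errors.push(f.label + " must be a whole number between 0 and 3.");
    } else {
      values[f.id] = v;
    }
  });

  if (errors.length > 0) {
    resultEl.style.display = 'block';
    resultEl.innerHTML = '<strong>Please fix the following:</strong><ul>' +
      errors.map(function (e) { return '<li>' + e + '</li>'; }).join('') + '</ul>';
    return;
  }

  // ── FORMULA ──
  // Each category score = (sum of ratings / max possible) × 100
  // Max per item = 3; scores normalized to 0–100 within each category.

  // Administrative Score (5 items, max = 15):
  var adminRaw = values['ny-risk-assessment'] + values['ny-security-policy'] +
    values['ny-employee-training'] + values['ny-vendor-management'] +
    values['ny-incident-response'];
  var adminScore = (adminRaw / 15) * 100;

  // Technical Score (6 items, max = 18):
  var techRaw = values['ny-encryption-rest'] + values['ny-encryption-transit'] +
    values['ny-access-controls'] + values['ny-monitoring'] +
    values['ny-vulnerability'] + values['ny-data-disposal'];
  var techScore = (techRaw / 18) * 100;

  // Physical Score (4 items, max = 12):
  var physRaw = values['ny-physical-access'] + values['ny-device-security'] +
    values['ny-workstation-policy'] + values['ny-visitor-controls'];
  var physScore = (physRaw / 12) * 100;

  // Weighted Overall Score:
  // Overall = (adminScore × 0.35) + (techScore × 0.40) + (physScore × 0.25)
  var overallScore = (adminScore * 0.35) + (techScore * 0.40) + (physScore * 0.25);

  // Organization Size Modifier:
  // Small Business exemption applies if employees < 50
  // Reconstructed from the Formula section from here to the tier assignment.
  // The original display labels were lost, so the labels below are stand-ins.
  var isSmallBusiness = employees < 50;
  var sizeLabel = isSmallBusiness ? 'Small Business' : 'Covered Business';

  // Risk Score: <500 records = 1, 500–9,999 = 2, 10,000–499,999 = 3, ≥500,000 = 4
  var riskScore = dataSubjects < 500 ? 1 : dataSubjects < 10000 ? 2 :
    dataSubjects < 500000 ? 3 : 4;
  var riskLevel = 'Risk Score ' + riskScore + ' of 4';

  // Industry Multiplier: Healthcare/Finance = 1.20, Technology/Retail = 1.10, Other = 1.00.
  // The <option> values were lost, so matching on substrings is an assumption.
  var industryMultiplier = /health|financ|bank/i.test(industry) ? 1.20 :
    /tech|saas|retail|commerce/i.test(industry) ? 1.10 : 1.00;
  var industryRisk = industry;

  var complianceGap = Math.min(100, (100 - overallScore) * riskScore * industryMultiplier / 4);
  var remediationDays = Math.round((100 - overallScore) * 0.5 *
    Math.log10(employees) / Math.log10(50));
  var estimatedCost = (remediationDays * 1500) + (dataSubjects * 0.10) +
    (isSmallBusiness ? 5000 : 15000);

  var tier, tierColor, tierAdvice;
  if (overallScore >= 85) {
    tier = "Compliant / Mature";
    tierColor = "#27ae60";
    tierAdvice = "Your program demonstrates strong SHIELD Act alignment. Focus on continuous improvement, annual reviews, and staying current with evolving threats.";
  } else if (overallScore >= 65) {
    tier = "Substantially Compliant";
    tierColor = "#2980b9";
    tierAdvice = "Good foundation in place. Address identified gaps—particularly in lower-scoring categories—to achieve full compliance and reduce breach risk.";
  } else if (overallScore >= 40) {
    tier = "Partially Compliant";
    tierColor = "#e67e22";
    tierAdvice = "Significant gaps exist. Prioritize a formal risk assessment, written security policy, and encryption controls immediately. Consider engaging a security consultant.";
  } else {
    tier = "Non-Compliant / High Risk";
    tierColor = "#e74c3c";
    tierAdvice = "Critical deficiencies identified. Immediate action required. The SHIELD Act exposes non-compliant organizations to AG enforcement and civil penalties up to $5,000 per violation.";
  }

  // ── OUTPUT ──
  // Reconstructed: minimal progress-bar markup (original markup lost).
  function bar(score, color) {
    return '<div style="background:#eee">' +
      '<div style="height:12px;width:' + score.toFixed(1) + '%;background:' + color + '"></div></div>';
  }

  var html = '<h2>Overall Compliance Score: ' + overallScore.toFixed(1) + '% — ' + tier + '</h2>';
  html += bar(overallScore, tierColor);

  html += '<table>';
  html += '<tr><th>Category</th><th>Raw Score</th><th>Normalized</th><th>Weight</th><th>Weighted</th></tr>';
  html += '<tr><td>Administrative Safeguards</td><td>' + adminRaw + '/15</td><td>' + adminScore.toFixed(1) + '%</td><td>35%</td><td>' + (adminScore * 0.35).toFixed(1) + '</td></tr>';
  html += '<tr><td>Technical Safeguards</td><td>' + techRaw + '/18</td><td>' + techScore.toFixed(1) + '%</td><td>40%</td><td>' + (techScore * 0.40).toFixed(1) + '</td></tr>';
  html += '<tr><td>Physical Safeguards</td><td>' + physRaw + '/12</td><td>' + physScore.toFixed(1) + '%</td><td>25%</td><td>' + (physScore * 0.25).toFixed(1) + '</td></tr>';
  html += '</table>';

  html += '<h3>Risk &amp; Exposure Analysis</h3>';
  html += '<ul>';
  html += '<li><strong>Organization Type:</strong> ' + sizeLabel + '</li>';
  html += '<li><strong>Data Subject Risk Level:</strong> ' + riskLevel + ' (' + dataSubjects.toLocaleString() + ' NY records)</li>';
  html += '<li><strong>Industry Risk Profile:</strong> ' + industryRisk + ' (×' + industryMultiplier.toFixed(2) + ')</li>';
  html += '<li><strong>Compliance Gap Score:</strong> ' + complianceGap.toFixed(1) + ' / 100 (higher = more urgent)</li>';
  html += '<li><strong>Estimated Remediation Effort:</strong> ' + remediationDays + ' person-days</li>';
  html += '<li><strong>Estimated Annual Compliance Cost:</strong> $' + estimatedCost.toLocaleString(undefined, { minimumFractionDigits: 0, maximumFractionDigits: 0 }) + '</li>';
  html += '</ul>';

  html += '<p><strong>Recommendation:</strong> ' + tierAdvice + '</p>';

  if (isSmallBusiness) {
    html += '<p><strong>Small Business Note:</strong> Organizations with fewer than 50 employees may qualify for the SHIELD Act\'s small business exemption, which requires "reasonable" safeguards proportionate to size and complexity rather than a full formal program. However, breach notification obligations still apply fully.</p>';
  }

  resultEl.style.display = 'block';
  resultEl.innerHTML = html;
}
```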
#### Formula
Category Scores (each normalized to 0–100):
- Administrative Score = (Sum of 5 admin ratings / 15) × 100
- Technical Score = (Sum of 6 technical ratings / 18) × 100
- Physical Score = (Sum of 4 physical ratings / 12) × 100
Overall Compliance Score = (Administrative × 0.35) + (Technical × 0.40) + (Physical × 0.25)
Compliance Gap Score = min(100, (100 − Overall Score) × Risk Score × Industry Multiplier / 4), where:
- Risk Score: <500 records = 1; 500–9,999 = 2; 10,000–499,999 = 3; ≥500,000 = 4
- Industry Multiplier: Healthcare/Finance = 1.20; Technology/Retail = 1.10; Other = 1.00
Remediation Effort = round((100 − Overall Score) × 0.5 × log₁₀(employees) / log₁₀(50)) person-days
Estimated Annual Cost = (Remediation Days × $1,500) + (NY Records × $0.10) + Base Program Cost
- Base Program Cost: $5,000 (small business, <50 employees) or $15,000 (covered business)
#### Assumptions & References
- Based on the NY SHIELD Act (Stop Hacks and Improve Electronic Data Security Act), signed into law July 25, 2019, effective March 21, 2020 (N.Y. Gen. Bus. Law § 899-bb).