On August 12, 2019, the Canadian federal government announced CyberSecure Canada, a voluntary certification program which aims to raise the cyber security baseline among small and medium enterprises (SMEs). SMEs that prove that they meet certain minimum standards will be entitled to use the CyberSecure certification mark on websites and promotional material attesting that they have met the standard. Although CyberSecure Canada is directed at Canadian SMEs (up to 499 employees), all organizations are eligible to apply for certification.
To be certified an organization has to prove to a certification body that it has implemented the 13 baseline cyber security controls listed here. Organizations seeking to go beyond these controls should look to more comprehensive cyber security measures such as the Center for Internet Security Controls, the NIST Cyber Security Framework, ISO/IEC 27001:2013 or CCCS IT Security Risk Management: A Lifecycle Approach.
It is important to note that CyberSecure certification program is a minimum standard and certification under the program does not guarantee compliance with privacy legislation or any industry-specific requirements. Organizations should pay attention to their particular circumstances and seek legal advice to determine if any additional cybersecurity measures are required.
Summary By: Juliette Sakran
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.