OSFI announces new requirements for reporting technology and cyber incidents: Part 1

On August 13, the Office of the Superintendent of Financial Institutions (OSFI), an independent agency of the Government of Canada, released an updated Technology and Cyber Security Incident Reporting Advisory (the Advisory) and new requirements for the Cyber Security Self-Assessment. These changes are both effective immediately. The updates aim to enhance OSFI’s awareness and response to technology and cyber security incidents at federally regulated financial institutions (FRFIs).

Part 1 of this update will discuss the changes in the Advisory, notably reducing the initial reporting period and broadening the notion of reportable incident. An upcoming part two will tackle the self-assessment tool provided by OSFI, which is seeing its first changes since 2013.

Click here to read Part 1.