The Office of the Superintendent of Financial Institutions (OSFI) recently released an updated Technology and Cyber Security Incident Reporting Advisory and new requirements for the Cyber Security Self-Assessment (the Self-Assessment). Both updated guidance documents are effective immediately. The updates seek to clearly outline OSFI’s expectations for federally regulated financial institutions (FRFIs) when assessing their cybersecurity posture and reporting incidents.
In part one of this update, we discussed the changes in the Advisory, notably the reduction of the initial reporting period and broadening of the notion of reportable incident.
Part two of this update tackles OSFI’s Self-Assessment tool, which is seeing its first update since 2013. In particular, OSFI is enhancing its Self-Assessment to reflect the current cybersecurity risks associated with the digitization of financial services. Click here to read it.