Blog

OSFI Advisory of Interest to Federal Credit Unions—Incident Reporting

Technology and Cybersecurity Incident Reporting
Michael Whitt Q.C.
January 29, 2019
Social Media
Download
Download
Read Mode
Subscribe
Summarize

The Office of the Superintendent of Financial Institutions (OSFI) Canada has published an Advisory of application to all federally regulated financial institutions (FRFI) setting out the expectations of the regulator with respect to “incident reporting requirement”, and points to a prior 2013 guidance document on OSFI’s Cyber Security Self-Assessment.

A technology or cybersecurity incident is defined as an incident which has the potential to, or has been assessed to, materially impact the normal operations of a FRFI, including confidentiality, integrity or availability of the FRFI’s systems and information. When such an incident occurs, and has a high or critical severity level, the incident should be reported to OSFI within 72 hours of a good faith determination that the incident has met these thresholds.

The Advisory lays out a framework for the details to be included in the initial and subsequent reporting to OSFI, and guidance on how incidents should be characterized.

Social Media
Download
Download
Subscribe
Republishing Requests

For permission to republish this or any other publication, contact Amrita Kochhar at kochhara@bennettjones.com.

For informational purposes only

This publication provides an overview of legal trends and updates for informational purposes only. For personalized legal advice, please contact the authors.