Consultation on proposed guidance on IT risk management
TORONTO, Jan. 23, 2023 /CNW/ – FSRA is consulting on guidance to help the sectors and individuals it regulates effectively manage a threat to their IT systems, infrastructure and data.
IT risks, like cyber threats and aging digital infrastructure, can result in financial losses and harm to consumers.
Regulated entities must comply with existing requirements related to IT risk and the protection of personal information, including the requirements of the Personal Information Protection and Electronic Documents Act (“PIPEDA”).
This guidance is applicable to all FSRA-regulated sectors, sets out seven practices to effectively manage IT risk and the steps required to notify FSRA in the event of an IT incident.
- Governance – people in place with sufficient expertise to manage IT risk
- Risk Management – policies and procedures in place to manage IT risk
- Data Management – processes, procedures and controls in place to ensure data quality, integrity, privacy
- Outsourcing – controls in place to manage risks related to outsourcing
- Incident…
