What is CAN/CIOSC 104:2021?
CAN/CIOSC 104:2021 is a Canadian national standard that establishes baseline cybersecurity controls specifically designed for small and medium-sized businesses (SMEs). It aims to provide SMEs with a solid basis for strengthening their IT security.
This standard defines two levels of security controls: Level 1 and Level 2.
Level 1 requirements
Level 2 requirements
Small and medium-sized organizations are most likely to be targets of cyberthreats and cybercrime, often resulting in immediate financial or privacy consequences.
– National Cyberthreat Assessment 2018
What are the cybersecurity controls in the CAN/CIOSC 104:2021 standard?
Incident response plan
Automatically patching applications and operating systems
Enabling security software
Configuring devices to ensure security
Access control and authorization
Using robust user authentication
Data backups and encryption
Establishing base defenses on the perimeter
In addition to the baseline controls, there are also controls specific to the operating environment:
Secure mobile devices
Security of cloud services and outsourced IT services
Removable media security
Point of sale systems and financial systems
Management of cybersecurity logs
Any incident must be reported to the Commission d’accès à l’information du Québec, or to the Office of the Privacy Commissioner of Canada if the company is outside of Quebec.
Are you able to detect when an incident occurs? Contact us to receive the best support in terms of compliance and cybersecurity!
How can MicroSecure help you optimize your compliance?
MicroSecure offers a complete range of solutions and services to support companies in their efforts to comply with cybersecurity standards. From network security and the principle of least privilege to log management and data protection, we offer in-depth expertise to strengthen the cybersecurity of our customers. Our tailored approach ensures that every business, regardless of size, has the tools and strategies needed to prevent digital threats and effectively manage incidents, contributing to strong and reliable cybersecurity.