OSFI’s Technical and Cyber Risk Management Guide: Part 2

In July, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of its Guidance B-13 (the Guidance), which sets out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance companies and trust companies. FRFIs will need to take steps to comply with the Guidance before it comes into force on 1 January 2024.

In our previous publications on this guide, we discussed key topics and practical tips covered in the guide’s first two categories, namely (i) governance and risk management; and (ii) technology operations and resilience. In this update, we’ll take a closer look at some of the key requirements for incident and problem management, disaster recovery, and cybersecurity in the guide.

In this update, we discuss the following:

  • Identify and assess cybersecurity weaknesses
  • Implement a corporate disaster recovery plan
  • Preventive cybersecurity controls
  • Continuous learning and improvement
