Saturday, May 21, 2022

New cloud solution to help SMBs meet Canadian cybersecurity standard

Small and medium-sized Canadian firms having trouble meeting a national cybersecurity standard now have the option of subscribing to a cloud compliance service.

San Diego-based CyberCatch, a software-as-a-service provider which sells a solution to help mid to large-sized companies meet the NIST 800 cybersecurity standard, today announced a solution for companies wanting to meet this country’s CAN/CIOSC 104 national baseline cybersecurity controls for small and medium organizations. 

Called CAN/CIOSC 104 Compliance Manager, it’s a step-by-step online solution to help organizations comply with up to 55 cybersecurity controls in the standard for protecting against cyber threats.

Announced last year by the CIO Strategy Council, CAN/CIOSC 104 is a set of cybersecurity controls intended for small and medium organizations of less than 500 employees.

The pricing of Compliance Manager is based on the size of the organization. It starts at C$5,000 a year for firms up to 50 employees, and goes up to C$20,000 a year for firms with up to 499 employees.

For that, subscribers get access to a solution that takes them through an assessment and benchmarking process against the standard. Included is access to a virtual chief information security officer (CISO) for in-person advice, and to video cybersecurity training sessions for employees.

After the organization has set its controls, Compliance Manager tests them regularly. It also scans internet-facing assets for vulnerabilities, runs phishing tests, and can install an agent to monitor the effectiveness of controls on an internal network.

“The cloud-native platform solution makes it easy and inexpensive for SMOs to comply with CAN/CIOSC 104 and maintain compliance and security,” CyberCatch chief executive officer Sai Huda said in a statement. “Also, a team of industry-leading cybersecurity experts guide the SMOs to success.”

The CIO Strategy Council was appointed in 2019 to create national data governance standards by the Standards Council of Canada. Having national cyber standards companies to meet is one of the pegs in the federal government’s national cybersecurity strategy.

Another peg is the CyberSecure Canada certification program that businesses can go through to show customers and partners they meet cybersecurity standard. At the moment those standards is set by the federal government’s Canadian Centre for Cyber Security. Ultimately the standard will be CAN/CIOSC 104.

CyberSecure Canada was launched in 2019. A web portal to help firms reach certification was launched a year later. Initial take-up was slow. By August 2020, only three firms had been certified.

UPDATE: The department of Innovation, Science and Economic Development, which oversees the CyberSecure Canada program, said today that “to date, hundreds of SMOs have started this process and 23 are certified.”

In December, in an effort to increase this number and to simplify the onboarding of small-and-medium-sized businesses, the department launched an eLearning series, including how-to guides and templates, and a blog series. These will help SMOs to better understand cyber security and prepare for certification, the department said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.