CAN BC FSA issued security guideline for provincially regulated financial institutions.
Goal is to help mitigate information security risks, ensure timely incident reporting.
Information Security Guideline
Guideline applies to BC credit unions, insurance companies, and trust companies.
Such entities are referred to as provincially regulated financial institutions (PRFIs).
Sets out governance requirements: board of directors is the governing body ultimately responsible for overseeing the prudent management of information security (IS) risks.
PRFIs should establish and document an effective IS risk management program as described.
Should develop understanding of IS risks to systems, people, assets, data, capabilities.
Further, PRFIs are expected to protect their data and systems as set out within the guidance.
Expected to establish monitoring processes to detect incidents, evaluate effectiveness of identified controls; develop, implement appropriate actions in response to incidents.
Further, sets out requirements for recovery plans and communication with the regulator.
Steps for submitting an incident report; determining if an incident is material; reporting.
Until the Jul. 1, 2025 effective date, all provincially regulated financial institutions are expected to follow the information security guideline that was issued in 2021.