Through international standards, Canadian businesses can take the extra step to keep consumers’ information safe from unauthorized access and ensure fair, relevant, and legitimate data collection and processing.
Canadian businesses are responsible for ensuring that the amount and type of data they collect is appropriate for their business. The Personal Information Protection and Electronic Documents Act (PIPEDA) describes the laws around privacy that apply to Canadian commercial businesses. Internationally, Canadian businesses still need to understand and comply with regulations such as the European Union’s General Data Protection Regulation (GDPR). This can be challenging for Canada’s small and medium-sized enterprises (SMEs). Therefore, SCC has worked alongside the Canadian Advisory Committee on GDPR (CAC-GDPR) to develop a guidance document to help organizations take the first steps and guide them on using relevant standards.
SCC accredits certification bodies to help businesses secure their data under the following programs:
ISO/IEC 27001 Information Security Management Systems (ISMS) allows an organization to implement, maintain, and continuously improve information security. An ISMS manages the security of assets such as financial information and intellectual property, and better prepares your business for a cyberattack. If you have a business with an e-commerce site and/or have international customers, having this certification can demonstrate your organization’s resiliency to a cyber incident.
ISO/IEC 27701 Privacy Information Management Systems (PIMS) provides additional security techniques for privacy and information management. This ISO/IEC standard is an extension to ISO/IEC 27001. Businesses should consider this standard if they are collecting personally identifiable information from their consumers. As of December 2020, SCC offers PIMS accreditation. Certification bodies can get accredited for PIMS by submitting an application.
CyberSecure Canada is an important program for any business with an online presence. This program prepares companies for the most common attacks, disasters, errors, and breaches. This certification increases consumer confidence in the Canadian digital economy.
To help your organization mitigate cyber threats, you can get certified by an accredited certification body to protect against common cyber incidents. You can search our directory to find an accredited certification body to get certified.
Reminders for businesses to stay privacy aware