On December 21, 2015, the Investment Industry Regulatory Organization of Canada (IIROC) published two best practices guides with respect to cybersecurity for IIROC dealer members:

  • The Cybersecurity Best Practices Guide is intended to provide a voluntary set of industry standards and best practices to help IIROC dealer members manage cybersecurity risks.  The guide provides guidance to both small and large dealer members in establishing security for computer systems and networks using cost-effective security controls and risk management techniques.
  • The Cyber Incident Management Planning Guide assists dealer members in the effective preparation of internal cyber-incident response plans.  The guide provides small and mid-sized IIROC dealer members with a framework of voluntary cybersecurity strategies, guidelines, and tools to more effectively respond to adverse cybersecurity incidents. 

For further information, please consult the IIROC press release announcing this development.