Pursuant to section 11.1 of National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations, registered firms are required to establish, maintain and apply policies and procedures that create a system of controls and supervision sufficient to provide reasonable assurance that the firm and each individual acting on its behalf complies with securities legislation, and manage the risks associated with their businesses in accordance with prudent business practices. Cybersecurity is becoming an area of increasing focus for securities regulators, so to help registrants (and other entities) meet their internal control obligations and stay ahead of cybersecurity risks, we offer a fixed-fee cybersecurity service, which includes a review of the following:

  • Governance structure and risk management
  • Risk assessment
  • Technical controls
  • Incident response planning
  • Vendor management
  • Staff training
  • Cyber intelligence and information sharing
  • Cyber insurance
  • Continuous assessment