CAN/CIOSC 104 (Latest version: CAN/DGSI 104:2021 Rev 1 2024) Audit
Stage 1
For the CAN/CIOSC 104 (Now CAN/DGSI 104:2021 Rev 1 2024) Audit, the requirement will be a questionnaire filled out by the client for the technical reviewer to assess the clients readiness.
During the Stage 1 phase, the technical reviewer will assess the documentation provided by the applicant pertaining to the organization’s implementation of the CyberSecure scheme.
In addition, as part of the Stage 1 phase the technical reviewer evaluates the company’s overall level of implementation of the CyberSecure scheme to determine if it is ready to move forward with the Stage 2 Audit Process.
Stage 2
1. Maximum of 2 weeks for remiediation: Client must remediate all issues found within the Technical Review (TR) under 2 weeks of time
2. If no issues are found- Move to auditor: The submission will be sent over to the Auditor for assessment
3. Auditor will analyze all documentation presented: The Auditor will assess the submission using the official guidance documentation from the scheme owner (ISED). Client has 30 days to remediate any non-conformities
4. Certifier will review the auditors findings: The certifier will ensure all documents have been approved and verified
5. Final compliance report: Once the submission meets all requirements, the official CyberSecure Canada certificate is signed by the certifier. Client has a closing meeting with the auditor.
6. The company is granted the CyberSecure Canada Certification: The final compliance report and official CyberSecure Canada certificate valid for 2 years is prepared and sent to the client!
Surveillance Review
One-year mark: Clients will receive a reminder prior to the review regarding their 1-Year Review
One-year review: The surveillance audit will be an informal process requiring disclosure of any major changes in the organization including a random sampling of documentation
OWASP Scan: All clients are given a complementary OWASP top 10 automated scan of 1 website per scoping document