Skip to content

CAN/CIOSC 104 Audit

Stage 1

For the CAN/CIOSC 104 Audit, the requirement will be a questionnaire filled out by the client for the technical reviewer to assess the clients readiness.

During the Stage 1 phase, the technical reviewer will assess the documentation provided by the applicant pertaining to the organization’s implementation of the CyberSecure scheme.

In addition, as part of the Stage 1 phase the technical reviewer evaluates the company’s overall level of implementation of the CyberSecure scheme to determine if it is ready to move forward with the Stage 2 Audit Process.


Stage 2

1. Maximum of 2 weeks for remiediation: Client must remediate all issues found within the Technical Review (TR) under 2 weeks of time

2. If no issues are found- Move to auditor: The submission will be sent over to the Auditor for assessment

3. Auditor will analyze all documentation presented: The Auditor will assess the submission using the official guidance documentation from the scheme owner (ISED). Client has 30 days to remediate any non-conformities

4. Certifier will review the auditors findings: The certifier will ensure all documents have been approved and verified 

5. Final compliance report: Once the submission meets all requirements, the official CyberSecure Canada certificate is signed by the certifier. Client has a closing meeting with the auditor.

6. The company is granted the CyberSecure Canada Certification: The final compliance report and official CyberSecure Canada certificate valid for 2 years is prepared and sent to the client!

Surveillance Review

One-year mark:Clients will receive a reminder prior to the review regarding their 1-Year Review

One-year review: The surveillance audit will be an informal process requiring disclosure of any major changes in the organization including a random sampling of documentation

OWASP Scan: All clients are given a complementary OWASP top 10 automated scan of 1 website per scoping document

Get certified

Contact us to get started today.