Cyber Security Canada is an accredited Certification Body for both Canadian government-backed Cyber Security Certification Programs

Why Certify?

Customers, partners, investors and suppliers provide Canadian businesses with valuable information – and trust that their information will be secure.

Business owners are now more responsible than ever for the safety of their partners’ digital information. When businesses lack strong cybersecurity measures, their data and the information entrusted to them could be at risk.

While large enterprises may have the staff and dedicated resources to protect their digital assets against fraud, confidential data loss, ransomware and business disruption, many small businesses do not. This unfortunately makes them the most likely targets for cyber criminals.

The goal of certification is to provide small businesses with a clear path to follow, while minimizing expense and risk. The security standards set out in CyberSecure and Cyber Essentials provide both the guidance and the action plan required to mitigate the most common cyber threats.

What is a Certification Body?

A Certification Body is an official body which has been accredited by a Certification Authority to verify that a business has correctly implemented all the policies, standards and controls required by a particular certification.

Who Accredited Cyber Security Canada?

In Canada, there are two government-backed programs to certify the cyber security of small and medium-sized businesses.

Cyber Security Canada is accredited by the Standards Council of Canada (SCC) to verify that businesses have implemented all the security controls required for CyberSecure certification, according to the audit criteria established by ISED and the Canadian Cyber Centre.

Cyber Security Canada is also accredited by the Cyber Essentials Canada Authority, and has been granted jurisdiction to conduct Cyber Essentials certification assessments on behalf of the Authority.

Why two different certifications?

Cyber Essentials is a mature Canadian cyber security standard launched by Cyber Essentials Canada in 2017. Cyber Essentials has an established certification process, online tools and workflow, and is widely accepted by both industry and government bodies.

CyberSecure is the new federal cyber security standard based on security controls developed by the Canadian Centre for Cyber Security.

Administered by ISED (Innovation, Science and Economic Development Canada), CyberSecure is currently in a two-year pilot phase, during which the National Standard will be finalised by SCC (Standards Council of Canada).

Which certification should my company get?

Which certification to obtain will depend on your company’s needs and goals.

If you require managed supply chain auditing, a verified cyber security audit or support during the certification process, then Cyber Essentials has features which may better suit your needs.

Cyber Essentials Canada is collaborating with ISED to align the Cyber Essentials program with the new federal standard. During the pilot phase, CyberSecure certification and Cyber Essentials Basic certification are regarded by both organizations as equivalent.


Learn More About Cyber Essentials Certification:

Didn’t find your answer?

Our heroic support team can help you