Cybersecurity Templates

As organizations increasingly face cyber threats and security breaches, adhering to robust cybersecurity practices has become essential. Our CAN CIOSC 104:2021 (CyberSecure Canada) templates are meticulously designed to align with the CAN CIOSC 104:2021 requirements, providing a practical and efficient solution for organizations striving to meet these standards.


Our CyberSecure Canada templates offer a collection of policy templates, each tailored to address specific sub-controls outlined by the CyberSecure Canada program. These templates are comprehensive and cover various critical areas, including antimalware, firewalls, incident response plans, and more. By utilizing our templates, organizations can establish a strong foundation for their cybersecurity policies, ensuring alignment with the CyberSecure Canada framework.

Key Features and Benefits

Alignment with CyberSecure Canada Requirements

Our templates have been developed to meet the specific guidelines and requirements set forth by the CAN CIOSC 104:2021 standard. This ensures that organizations can create policies that align with industry best practices and regulatory standards.

Policy Templates for Each Sub-Control

Our templates include policy documents for each sub-control identified by CAN CIOSC 104:2021. This approach enables organizations to create policies that address all necessary areas, fostering a holistic cybersecurity approach.

Comprehensive Coverage

The CAN CIOSC 104:2021 templates cover a wide range of cybersecurity domains, including but not limited to antimalware measures, firewalls, incident response plans, employee awareness training, access control, and data backup and recovery.

Personalized and Scalable

Our templates are personalized with your business name and logo, and allow organizations to tailor the policies to their specific needs and organizational structure. Furthermore, the templates are scalable, accommodating businesses of various sizes and industry sectors.

Time-Saving Solution

By utilizing our CyberSecure Canada templates, organizations can save valuable time and effort in developing cybersecurity policies from scratch. The templates serve as a great starting point, enabling businesses to expedite the policy creation process.

Why use the templates?

Our templates provide organizations with a convenient and comprehensive solution for establishing robust cybersecurity policies aligned with the CyberSecure Canada program. By leveraging these templates, businesses can enhance their cybersecurity posture, mitigate risks, and demonstrate their commitment to safeguarding sensitive data and digital assets. Start your journey towards CAN CIOSC 104:2021 compliance today with our ready-to-use templates!

What policies are included?

OC 4.1.2.1 Leadership

OC 4.2.3.1 Accountability

OC 4.3.2.1 Cyber Security Training

OC 4.3.3.1 Ongoing awareness training

OC 4.4.2.1 Cyber Security Risk Assessment

OC 4.4.3.1 Cyber Security Risk Assessment Policy

OC 4.4.3.2 List of information systems and assets

OC 4.4.3.3 Accepted cyber security risks

OC 4.4.3.4 IT Security-Spending Levels-Raw

OC 4.4.3.5 IT security staffing

OC 4.4.3.6 Commitment to Cyber Security

OC 4.4.3.7 When to update an existing cyber security risk assessment

OC 4.4.3.8 Implementing baseline controls

OC 4.4.3.9 Reviewing controls to ensure effectiveness

BC 5.1.2.1 & 5.1.2.2 Incident Response Plan

BC 5.1.2.3 Cybersecurity insurance

BC 5.2.2.1 Security patches

BC 5.2.2.2 Automatic Patching

BC 5.2.2.3 Replacing systems incapable of automatic patching

BC 5.3.2.1 Enable security software

BC 5.4.2.1 Changing default passwords

BC 5.4.3.1 Secure configurations for devices

BC 5.5.2.1 Multi-factor authentication

BC 5.5.2.2 Changing password on suspicion of compromise

BC 5.5.2.3 Password length-reuse-writing down

BC 5.5.3.1 Password managers

BC 5.6.2.1 Essential business information

BC 5.6.2.2 Frequency of backups

BC 5.6.2.3 System backups

BC 5.6.2.4 Storing backups

BC 5.6.2.5 Encrypting backups

BC 5.6.3.1 Sampling backup data

BC 5.7.3.1 Firewalls

BC 5.7.3.2 DNS Firewall

BC 5.7.3.3 Software firewalls

BC 5.7.3.4 Encrypted Connectivity and VPN Access with MFA

BC 5.7.3.5 Corporate Wi-Fi

BC 5.7.3.6 Segmenting corporate and public networks

BC 5.7.3.7 DMARC

BC 5.7.3.8 Email filtering

BC 5.8.3.1 Provision accounts with minimum functionality necessary

BC 5.8.3.2 Removing accounts or functionality when no longer required

BC 5.8.3.3 Admin accounts only perform administrative activities

BC 5.8.3.4 Centralized authorization control system

BC 6.1.3.1 Ownership model for mobile devices

BC 6.1.3.2 Securing mobile devices

BC 6.2.2.1 Evaluating risk tolerance for outsourced IT or cloud apps

BC 6.2.3.1 AICPA SSAE 18 or equivalent reports

BC 6.3.3.1 OWASP Top 10

BC 6.3.3.2 ASVS Levels

BC 6.4.2.1 Company owned portable media

BC 6.4.3.1 Using portable media

BC 6.5.2.1 POS Terminals and Financial Systems

BC 6.6.3.1 Log management