Summary of CSA Roundtable on Response to Cyber Security Incidents

28 04 2017

The Canadian Securities Administrators (“CSA”) issued CSA Staff Notice 11- 336 Summary of CSA Roundtable on Response to Cyber Security Incidents which summarizes the discussions of the roundtable held on February 27, 2017.

The discussions focused the following issues:

  • the response of an entity subject to a cyber security event, including matters related to governance, assessment of damage, personnel involved in decision making and information flow;
  • the response of entities both downstream and upstream from the affected entity, including possible steps that may be taken to minimize the impact to their organizations;
  • people who should be involved in discussions and decision making for a coordinated response to a market-wide incident, including which organizations need to be involved, who should be driving the resolution process and how communication and coordination amongst organizations may be achieved;
  • information that should be communicated internally and externally, including organizations’ communication protocols and information that organizations not directly attacked expect to be supplied with from an affected entity; and
  • factors that may contribute to coordination, communication and collaboration, including what information is needed to ensure smooth coordination and communication among different stakeholders and challenges organizations may face to reach that goal.

 

You can read the Summary of CSA Roundtable on Response to Cyber Security Incidents notice HERE.





CSA Multilateral Staff Notice 51-347 Disclosure of Cyber Security Risks and Incidents

23 02 2017

The Canadian Securities Administrators (“CSA”) issued Multilateral Staff Notice 51 347 – Disclosure of Cyber Security Risks and Incidents which outlines the findings of a review done by the staff of the British Columbia Securities Commission, Ontario Securities Commission and Autorité des marchés financiers of 240 members of the S&P/TSX Composite Index and provides staff guidance to issuers on incident reporting.

The can read the complete notice HERE.

You can find further discussion in the following summaries which may also be of assistance in understanding disclosure of cyber security risks:

Cyber Risk Management — Regulatory Guidance for Reporting Issuers’ Continuous Disclosure of Cyber Security Risks and Incidents – Borden Ladner Gervais LLP

CSA Issues Guidance on Disclosure of Cyber Security Risks and Breach Incidents – Clark Wilson LLP

Canadian securities regulators issue guidance for Canadian issuers on the disclosure of cyber security risks and incidents – Osler, Hoskin & Harcourt LLP

CSA Provides Guidance on Disclosure of Cyber Security Risks – Goodmans LLP