Small and medium-sized Canadian firms having trouble meeting a national cybersecurity standard now have the option of subscribing to a cloud compliance service.
San Diego-based CyberCatch, a software-as-a-service provider which sells a solution to help mid to large-sized companies meet the NIST 800 cybersecurity standard, today announced a solution for companies wanting to meet this country’s CAN/CIOSC 104 national baseline cybersecurity controls for small and medium organizations.
Called CAN/CIOSC 104 Compliance Manager, it’s a step-by-step online solution to help organizations comply with up to 55 cybersecurity controls in the standard for protecting against cyber threats.
Announced last year by the CIO Strategy Council, CAN/CIOSC 104 is a set of cybersecurity controls intended for small and medium organizations of less than 500 employees.
The pricing of Compliance Manager is based on the size of the organization. It starts at C$5,000 a year for firms up to 50 employees, and goes up to C$20,000 a year for firms with up to 499 employees.
For that, subscribers get access to a solution that takes them through an assessment and benchmarking process against the standard. Included is access to a virtual chief information security officer (CISO) for in-person advice, and to video cybersecurity training sessions for employees.
After the organization has set its controls, Compliance Manager tests them regularly. It also scans internet-facing assets for vulnerabilities, runs phishing tests, and can install an agent to monitor the effectiveness of controls on an internal network.
“The cloud-native platform solution makes it easy and inexpensive for SMOs to comply with CAN/CIOSC 104 and maintain compliance and security,” CyberCatch chief executive officer Sai Huda said in a statement. “Also, a team of industry-leading cybersecurity experts guide the SMOs to success.”
The CIO Strategy Council was appointed in 2019 to create national data governance standards by the Standards Council of Canada. Having national cyber standards companies to meet is one of the pegs in the federal government’s national cybersecurity strategy.
Another peg is the CyberSecure Canada certification program that businesses can go through to show customers and partners they meet cybersecurity standard. At the moment those standards is set by the federal government’s Canadian Centre for Cyber Security. Ultimately the standard will be CAN/CIOSC 104.
CyberSecure Canada was launched in 2019. A web portal to help firms reach certification was launched a year later. Initial take-up was slow. By August 2020, only three firms had been certified.
UPDATE: The department of Innovation, Science and Economic Development, which oversees the CyberSecure Canada program, said today that “to date, hundreds of SMOs have started this process and 23 are certified.”
In December, in an effort to increase this number and to simplify the onboarding of small-and-medium-sized businesses, the department launched an eLearning series, including how-to guides and templates, and a blog series. These will help SMOs to better understand cyber security and prepare for certification, the department said.