CyberSecure Canada is the first federal cyber certification program for small to midsize businesses. The program outlines baseline cyber security controls that will give SMEs the greatest amount of protection from cyber threats. These controls were developed by the Canadian Centre for Cyber Security and are implemented by various certification bodies- one of which is SourcetekIT.
CyberSecure Canada, unveiled in August 2019, is the first federal program dedicated to helping SMBs achieve a baseline level of cybersecurity. As an accredited certification body. SourcetekIT helps SMB’s achieve the cybersecurity standards outlined by the CyberSecure Canada Program.
This certification is a federal program focused on elevate the cyber security baseline for Small to Medium sized organizations. The goal is to provide standardization in cyber security and give consumers the assurance in the digital economy.
By becoming Cyber Secure Canada certified, provide your business with the opportunity to issue your commitment to information security. This give clients and consumers the clarity of a company’s security posture giving them better judgement on where to do business with the ease of knowing their data is continuously protected. CyberSecure Canada issues a mark which will allow a business to display as official approval that they have been assessed under the appropriate government standards.
The assessment will be conducted against the set controls which contain a total of 48 control statements created to examine the organizations cyber security posture.
The assigned auditor will then review each response and assess the level of compliance. A detailed review of all the policies, documents and the contracts will be conducted.
The auditor will perform an internal/external pen test checking the environment for vulnerabilities. This step will allow the auditor to see if the technical infrastructure is up to date with policies in place.
The auditor will conduct interviews with members of the organization. The auditor will also be collecting sampling of the various reporting systems, to assess how if the business is adhering to controls based on mandatory documentation