On July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI) released its final Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and
In our previous publication, we discussed the legal obligations and procedural considerations surrounding maintaining records of privacy incidents. While the specific obligations vary by jurisdiction, maintaining some form of a record that tracks privacy incidents is a statutory obligation
On December 28, 2016, the U.S. Food and Drug Administration (FDA) released final guidance on the management of cybersecurity vulnerabilities for marketed and distributed medical devices. The guidance establishes a risk-based approach for the reporting of medical device cybersecurity vulnerabilities to the FDA.
The UK Hedge Fund Standards Board (HFSB) announced on September 17, 2015, that it has added a “Cybersecurity Memo” to its Toolbox function. The Toolbox provides guidance to managers, investors, and fund directors on fund-related issues such as governance, internal processing, and reporting. The Toolbox acts as a complement to the HFSB’s standard-setting activities.