Tag archives: risk management

OSFI’s Technology and Cyber Risk Management Guideline: Part 1

Photo of Suzie Suliman (CA)Photo of Shreya GuptaPhoto of Imran Ahmad (CA)By Suzie Suliman (CA), Shreya Gupta and Imran Ahmad (CA) on Posted in Compliance and risk management, Cybersecurity
innovation circuit boardOn July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI) released its final Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need ensure that they have taken steps to comply with the requirements … Continue reading

The aftermath of an incident – business considerations surrounding record-keeping

Photo of Jeremie Wyatt (CA)Photo of John Cassell (CA)Photo of Sara A. Levine, QC (CA)By Jeremie Wyatt (CA), John Cassell (CA) and Sara A. Levine, QC (CA) on Posted in Compliance and risk management, Data breach, Vendor management and transactions
innovation circuit boardIn our previous publication, we discussed the legal obligations and procedural considerations surrounding maintaining records of privacy incidents. While the specific obligations vary by jurisdiction, maintaining some form of a record that tracks privacy incidents is a statutory obligation for private-sector organizations subject to Quebec, Alberta, or federal laws. Organizations should also be aware of … Continue reading

FDA issues final guidance on postmarket medical device cybersecurity

Photo of Anna Rudawski (US)By Anna Rudawski (US) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn December 28, 2016, the U.S. Food and Drug Administration (FDA) released final guidance on the management of cybersecurity vulnerabilities for marketed and distributed medical devices.  The guidance establishes a risk-based approach for the reporting of medical device cybersecurity vulnerabilities to the FDA.… Continue reading

UK Hedge Fund Standards Board issues cybersecurity guidance

Photo of Marcus Evans (UK)By Marcus Evans (UK) on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightThe UK Hedge Fund Standards Board (HFSB) announced on September 17, 2015, that it has added a “Cybersecurity Memo” to its Toolbox function. The Toolbox provides guidance to managers, investors, and fund directors on fund-related issues such as governance, internal processing, and reporting. The Toolbox acts as a complement to the HFSB’s standard-setting activities.… Continue reading
LexBlog