CAN/CIOSC 104:2021 Baseline Cyber Security Controls for Small and Medium Organizations

This Standard specifies a minimum set of cyber security controls intended for small and medium organizations, which typically have fewer than 500 employees.


CAN/CIOSC 100-1:2020 Data Governance - Part 1: Data centric security

This Standard specifies minimum requirements for products and/or services providing data protection of digital assets at-rest, in-motion, and in-use across platforms (e.g., endpoints, mobile, cloud), facilitating secure sharing and collaboration across different IT systems within and between organizations.

CAN/CIOSC 100-2:2020 Data Governance - Part 2: Third party access to data

This Standard specifies minimum requirements and a set of privacy controls for third-party access to data.

CIOSC/PAS 100-4:2020 Data Governance - Part 4: Specification for Scalable Remote Access Infrastructure

This Specification presents a set of requirements to help organizations mitigate security risks associated with, and scalability demands upon, enterprise technologies used for remote access. The Specification also provides guidance to organizations needing to react to unprecedented and unplanned shifts in their workforce to support work-from-home mandates.

CIOSC/PAS 100-6:2021 Data Governance - Part 6: The responsible use of digital contact tracing, monitoring data in the workplace

This Specification presents a minimum set of requirements for the acceptable and responsible collection and use of contact tracing and monitoring data in the workplace. This Specification applies to the governance of current and future use of data that is created, collected, stored or controlled by contact tracing and monitoring solutions, and impacts the management processes and decisions relating to data security and privacy within and between organizations. This Specification does not cover the use of contact tracing, monitoring and surveillance solutions applied in public health.

Digital Trust and Identity

CAN/CIOSC 103-1:2020 Digital Trust and Identity - Part 1: Fundamentals

This Standard specifies minimum requirements and a set of controls for creating and maintaining trust in digital systems and services that, as part of an organization’s mandate, assert and/or consume Identity and Credentials in data pertaining to people and Organizations. This Standard may be applied to either digital systems and services that are used within an identity context, or to those that are used and applied across identity contexts.

CAN/CIOSC 103-2:2021 Digital Trust and Identity - Part 2: Delivery of healthcare services

This Standard specifies minimum requirements for federating the exchange of health information between systems and provides the basis for implementing a user-centric, interoperable health network for the delivery of healthcare services.

Ethics in AI

CAN/CIOSC 101:2019 Artificial Intelligence: Ethical design and use of automated decision systems

This Standard specifies minimum requirements in protecting human values and incorporating ethics in the design and use of automated decision systems. This Standard is limited to artificial intelligence (AI) using machine learning for automated decisions.