Bulletproof is proud to be a CyberSecure Canada accredited Certification Body. We’ve been involved in this evolving program from the beginning and are here to help Canadian businesses keep on track with important security threat and risk mitigation countermeasures that help protect our whole country’s economy.

What is CyberSecure Canada?

CyberSecure Canada is a federal cyber certification program that aims to:

  • raise the cyber security baseline among small and medium enterprises (SMEs) in Canada,
  • increase consumer confidence in the digital economy,
  • promote international standardization, and
  • better positions SMEs to compete globally.

Who is CyberSecure for?

Due to the scarcity in IT resources and funding combined with the increase in cyber-attacks, the CyberSecure Canada Program is targeted towards small and medium-size business; however, enterprise-sized companies are also eligible for the certification program.

CyberSecure_Website_Elements_Wordmark_Example_EN-1What does it mean to be certified? 

A business has demonstrated that it has implemented the security controls established by the Cyber Centre, Canada's cybersecurity experts.  The CyberSecure Canada certification mark will give certified businesses official recognition by the federal government for demonstrating their compliance to the baseline security controls. The certification mark provides an easy way for customers, investors, partners and suppliers to know that a business has decreased their cyber risk.

How long is the certification valid for?

The certification will be valid for 2 years. When your certification expires you will be required to follow a recertification process to maintain your CyberSecure Canada certification.

What are the requirements? 

Certification requires Canadian SMEs to implement the baseline security controls developed by the Canadian Centre for Cyber Security.

Among them are:

  • Develop an Incident Response Plan
  • Automatically Patch Operating Systems and Applications
  • Enable Security Software
  • Provide Employee Awareness Training
  • Secure Websites
  • Backup and Encrypt Data
  • Implement Access Control and Authorization
  • Secure Portable Media
  • Secure Mobility
  • Establish Basic Perimeter Defences
  • Securely Configure Devices
  • Use Strong User Authentication

The security controls aim to give SMEs the greatest amount of protection with the least amount of burden. 

How does the certification process work?

The process has been designed to allow the audit work to be performed remotely, helping small to medium organizations better manage cost. The audit consits of a documentation review against the standards requirements, with interviews being performed if clarification is needed.

What is Bulletproof’s role as an accredited Certification Body?

Certification Bodies (CBs) are public and private businesses that are accredited by the Standards Council of Canada (SCC) who have met the requirements of the SCC. CBs will verify that businesses have met all the security controls for certification using assessment criteria developed by ISED and and the Cyber Centre.

What is the role of the Standards Council of Canada (SCC)?

As Canada’s national accreditation body, SCC rigorously assesses the experts who certify organizations.

For more information on the new standard and how it works or to request a quote, complete the form.