top of page
  • Writer's pictureDeborah

On June 24, the Investment Industry Regulatory Organization of Canada (IIROC) published an education notice on cybersecurity recommending risk management practices related to cloud services and Application Programming Interfaces (APIs).


The Notice provides guidance on some technology and cybersecurity controls firms should consider.


1. For controls related to the deployment and management of cloud environment, firms should:

  • Implement secure authentication methods

  • Understand clear roles and responsibilities

  • Ensure an effective user onboarding and off boarding process

  • Assess the cloud service provider

  • Monitor the cloud environment

2. For controls related to APIs, firms should:

  • Review data flows and processes

  • Use strong authentication and encryption methods

  • Consider solutions to detect brute force and distributed denial of service (DDoS) attacks

  • Review API designs and changes


The IIROC education notice can be found here:

https://www.iiroc.ca/news/Pages/Education-Notices.aspx

Recent Posts

See All

The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denomina

13/06/2023 - Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+ 16/06/2023 - OSFI consultation pe

On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between dev

bottom of page