top of page
  • Writer's pictureDeborah

April 21, the Office of the Superintendent of Financial Institutions (OSFI) published Implementation Guide 1.0 : Intelligence-led Cyber Resilience Testing (I-CRT) Framework that provides the methodology and process to follow when conducting an I-CRT assessment.

As outlined by OSFI : “the overall objective of the I-CRT assessment is to regularly evaluate a FRFI’s cyber-resilience posture by identifying cyber threats and associated possible remedial actions.

The I-CRT Framework provides guidance on the following:

  • I-CRT assessment criteria and cadence

  • Roles and responsibilities (FRFI and FRFI Control Group, Control Group Coordinator, Regulator, Threat Intelligence service Provider and Red Team).

  • Risk management (I-CRT phases, I-CRT risk owner, Operational secrecy, Independent service providers).

  • I-CRT process (Initiation phase, Threat Intelligence phase, Execution Closure phase).

The Guideline shall be read in conjunction Guideline B-13, Technology and Cyber Risk Management (read our previous piece here).

Recent Posts

See All

Product Corner - VAs : Quèsaco

Virtual Assets (VAs) or crypto assets refer to : “any digital representation of value that can be digitally traded, transferred or used for payment. It does not include digital representation of fiat

Upcoming Regulatory Deadlines to Watch

10 Aug 2023 - Deadline to submit comments to FCA Guidance Consultation (GC23/1) on crypto asset financial promotions. 5 Sep 2023 - Effective date of SEC Cybersecurity Risk Management, Strategy, Govern


bottom of page