top of page
  • Writer's pictureDeborah

April 21, the Office of the Superintendent of Financial Institutions (OSFI) published Implementation Guide 1.0 : Intelligence-led Cyber Resilience Testing (I-CRT) Framework that provides the methodology and process to follow when conducting an I-CRT assessment.


As outlined by OSFI : “the overall objective of the I-CRT assessment is to regularly evaluate a FRFI’s cyber-resilience posture by identifying cyber threats and associated possible remedial actions.


The I-CRT Framework provides guidance on the following:

  • I-CRT assessment criteria and cadence

  • Roles and responsibilities (FRFI and FRFI Control Group, Control Group Coordinator, Regulator, Threat Intelligence service Provider and Red Team).

  • Risk management (I-CRT phases, I-CRT risk owner, Operational secrecy, Independent service providers).

  • I-CRT process (Initiation phase, Threat Intelligence phase, Execution Closure phase).

The Guideline shall be read in conjunction Guideline B-13, Technology and Cyber Risk Management (read our previous piece here).



Recent Posts

See All

The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denomina

13/06/2023 - Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+ 16/06/2023 - OSFI consultation pe

On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between dev

bottom of page