Does your organization need CAN/DGSI 104 certification?

CAN/DGSI 104:2021 Rev 1 2024 (formerly CAN/CIOSC 104:2021) is a cyber security certification designed for small to medium-sized Canadian organizations with fewer than 500 employees. This framework provides a set of basic information security controls, including the subfield of cyber security, to help businesses safeguard their data and systems. It was developed with the understanding that small organizations might have limited resources, so the certification emphasizes a balanced approach, aiming to maximize protection with minimal operational burden.

While specifically designed for smaller organizations, larger businesses may also benefit from using the certification as a foundational guide to improve their information security strategies. However, organizations that handle sensitive information or operate in high-risk sectors may need additional measures beyond those outlined in the CAN/DGSI 104 framework.

The framework is updated occasionally, so businesses are encouraged to check the Digital Governance Council for the latest version. Please find an overview of CAN/DGSI 104:2021 Rev 1 2024 below.

Key Components of the CAN/DGSI 104 Framework

The CAN/DGSI 104:2021 Rev 1 2024 framework includes several essential components to help organizations manage their information security risks effectively:

  • Risk Assessments: A central element of the framework, information security risk assessments guide organizations in identifying vulnerabilities and potential threats. By evaluating the likelihood and impact of risks, businesses can prioritize their cyber security efforts and allocate resources efficiently. Free self-guided assessments are also available online.
  • Incident Response Planning: The framework stresses the importance of a proactive incident response plan. This plan ensures that organizations are prepared to detect, analyze, and recover from cyber incidents, which in turn minimizes their impact and improves recovery time.
  • Employee Training and Awareness: Human error remains a leading cause of cyber incidents. Ongoing training helps employees recognize threats like phishing and adopt best practices in data protection. Regular simulations and updates on emerging threats are also encouraged to keep staff well-prepared.
  • Website Security: Small businesses must ensure their websites are free from the top vulnerabilities identified by the OWASP (Open Worldwide Application Security Project) standards. This includes proactive testing to protect against common attack vectors.

The certification also includes guidelines on resource allocation, incident recovery, and continuous improvement through regular reviews.

Is it worth it? In short – yes. Because of the practical guidance it offers, CAN/DGSI 104:2021 Rev 1 2024 is helpful to organizations that want to strengthen their overall information security posture, protect sensitive information, and maintain stakeholder trust in an increasingly digital world.

Birmingham Consulting can help you identify where your business’s cyber security needs attention. If you are not 100% confident in your security systems, make Birmingham your first choice for a second opinion.

 
