Language selection


CyberSecure Canada information sheet

From: Innovation, Science and Economic Development Canada

Cyber attacks can have a direct impact on your organization and customers, which can result in financial losses and reputational damage.

CyberSecure Canada is a voluntary federal certification program designed for small and medium-sized enterprises and other organizations in Canada to help improve cybersecurity practices, promote trust and provide a competitive advantage that will result in increased consumer confidence in the Canadian digital economy.

1. Get started

To be eligible for certification, your organization must review and implement the 13 security controls established by the Canadian Centre for Cyber Security:

  • Develop an incident response plan
  • Automatically patch operating systems and applications
  • Securely configure devices
  • Enable security software
  • Use strong user authentication
  • Provide employee awareness training
  • Back up and encrypt data
  • Secure mobility
  • Establish basic perimeter defences
  • Secure cloud and outsourced IT services
  • Secure websites
  • Implement Access Control and AuthorizationSecure portable media

These security controls provide a solid foundation that will help your organization mitigate cyber threats. Visit for free information and e-learning tools to help you implement the security controls for your organization.

2. Apply for certification

Once your organization has implemented the 13 security controls, you can apply for certification at

3. Work with a certification body

A certification body (accredited through the Standards Council of Canada) will evaluate your implementation of the 13 security controls. The certification body will consult directly with your organization to:

  • determine if your organization is ready to be certified;
  • provide a cost estimate for your organization to achieve CyberSecure Canada certification; and
  • audit your organization's implementation of the security controls.

Building trust with customers, partners, investors and suppliers

Once your organization is certified, the Government of Canada will provide you with a CyberSecure Canada certification mark, valid for two years, that you can display on your website and in your place of operation to let your customers, investors, partners and suppliers know that you have taken action to protect your organization from cyber threats.
Phone: 1-800-328-6189

Date modified: