Frequently asked questions

From: Innovation, Science and Economic Development Canada

General information

Frequently used acronyms
CBs
Certification Bodies
ISED
Innovation, Science and Economic Development Canada
SCC
Standards Council of Canada
The Cyber Centre
Canadian Centre for Cyber Security
What does it mean to be certified?

A business has demonstrated that it has implemented the security controls established by the Cyber Centre, Canada's cybersecurity experts.

How secure does the CyberSecure Canada certification make my business?

Certification does not guarantee complete protection from cyber threats. However, the processes and best practices learned as you make your way through the certification process, will provide businesses owners, managers and employees with the tools and abilities to improve your level of cyber risk and to better deal with breaches, if they occur.

How will customers, partners, investors and suppliers recognize that my business has been certified?

An identifier, unique to CyberSecure Canada, will be used to signify to customers and business partners that the business has successfully been certified. Additionally, searchable database of CyberSecure Canada certified businesses will be made publicly available on the program website as the program progresses.

What is included in my CyberSecure Canada certification designation?

You will receive a unique CyberSecure Canada certification identifier for your website to demonstrate to your customers, partners, investors and suppliers that your business has taken necessary steps to implement cybersecurity controls to better meet cybersecurity concerns.

How do I find out if my business is eligible for certification?

Although the program is targeted at small- to medium sized businesses (maximum of 499 employees)), all businesses in Canada are eligible for the certification program, including all not-for-profit and for-profit organizations.

Is it mandatory for my business to become certified?

No, as of right now this is a voluntary certification. However, certification will help improve your businesses level of cybersecurity.

What do I do if I involved in a cyber incident?

If you have been involved in a cyber incident and provided personal information or financial information, please contact the following organizations as appropriate:

  1. Call your bank. If your bank account or credit cards are involved, you'll want to report it, and cancel cards, right away to avoid being liable for the losses.
  2. Call the police and keep note of the report number for reference.
  3. Call Canada's main credit reporting agencies and put a fraud alert on your credit report:
    1. Trans Union Canada (1-866-525-0262, Québec 1-877-713-3393)
    2. Equifax Canada (1-866-779-6440)
  4. Call Service Canada at 1-800-O-Canada if any of your federally-issued ID was compromised (for example social insurance number or passport).
  5. Contact the Canada Revenue Agency. If you believe your Canada Revenue Agency (CRA) user ID or password has been compromised or to disable online access to your information on the CRA login services, contact the CRA.
  6. Call your province/territory. If you believe your driver's licence or health card was compromised, contact your provincial or territorial ministry responsible for transportation or the provincial or territorial government department responsible for health.
  7. Call the companies where your identity was used. They will tell you what information they need, whether an investigation has been started and how you can recover the money that was stolen.
  8. Contact the Privacy Commissioner of Canada for identity theft issues (PIPEDA) 1-800-282-1376 or www.priv.gc.ca for advice and assistance. (Note: Quebec, British Columbia, and Alberta have separate privacy laws that are similar to PIPEDA, so please contact your Provincial Commissioner.)
  9. Call the Canadian Anti-Fraud Centre (CAFC) at 1-888-495-8501 or visit www.antifraudcentre.ca to report any incidents of fraud or cyber-related fraud.

Always take time to record the things you've done to report and recover from the incident. A few extra minutes could save you a lot of frustration down the road.


Program details

What are security controls?

The security controls outline what businesses and organizations must do to protect their cyber threat environment, such as computers, intranet site, social media accounts etc. The security controls were developed in collaboration with the Cyber Centre, the cybersecurity experts of Canada, to help protect businesses by improving their resiliency through investment in cybersecurity.

Where can I find the security controls?

You can find the security controls on the Canadian Centre for Cyber Security Website. There is no cost to participate/use this service.

What is a Certification Body?

Certification Bodies (CBs) are public and private businesses that are accredited by the Standards Council of Canada (SCC) who have met the requirements of the SCC. CBs will verify that businesses have met all the security controls for certification using assessment criteria developed by ISED and and the Cyber Centre.

Who are the Certification Bodies?

A complete list of the Certification Bodies can be found on the Certification Bodies webpage.

What is the audit criteria?

The audit criteria is a checklist for evaluating a businesses implementation of the security controls. This evaluation is performed by your businesses chosen certification body.


Program process

How do I become certified?

You can follow the step-by-step process to become certified on our website.

How do I start my application?

To start your application contact us at:

Telephone:
  • Telephone (toll-free in Canada): 1-800-328-6189
  • Telephone (Ottawa): 613-954-5031
  • Fax: 343-291-1913
  • TTY (for hearing-impaired): 1-866-694-8389
Business hours:
8:30 a.m. to 5:00 p.m. (Eastern Time)
Email:
ISED-ISDE@canada.ca
Mailing Address:
ISED Contact Centre
Innovation, Science and Economic Development Canada
C.D. Howe Building
235 Queen Street, 4th Floor
Ottawa, Ontario K1A 0H5
How long will it take for my business to become certified?

The time period towards becoming certified varies depending on each businesses needs. An businesses current level of cybersecurity readiness and ability to implement the security controls will determine the path to certification.

How long is my certification valid for?

The certification will be valid for 2 years. When your certification expires you will be required to follow a recertification process to maintain your CyberSecure Canada certification.

How much will the certification cost?

The price for certification is set by the CBs participating in the program. CBs are external stakeholders, recruited and accredited by the SCC and will act as auditors of the security control implementation by your business during the certification process. CBs may choose not to charge for the certification if your business is using their products and services that already meet the security controls. Others may charge anywhere from a few hundred dollars to several thousand depending on the complexity of your business and the audit required.

Will technical staff be available to help businesses throughout the certification process?

The government will not provide services to implement security controls, but Certification Bodies will be a trusted source of information and businesses can enlist the assistance of external consultants.

If I am a Cyber Essentials Certified company, what should I expect going forward?

If you are already a Cyber Essentials Certified Company please contact CyberNB as they will be able to answer any questions you have and help you through the transition going forward. You can reach them by telephone at 1-844–731–0222 or by email at info@CyberEssentialsCanada.ca. You can also find more information on their website at https://cyberessentialscanada.ca/.

How can I contact ISED if I need assistance?

You can contact ISED at:

Telephone:
  • Telephone (toll-free in Canada): 1-800-328-6189
  • Telephone (Ottawa): 613-954-5031
  • Fax: 343-291-1913
  • TTY (for hearing-impaired): 1-866-694-8389
Business hours:
8:30 a.m. to 5:00 p.m. (Eastern Time)
Via web chat:
Chat now
Via email:
ISED-ISDE@canada.ca
Mailing Address:
ISED Contact Centre
Innovation, Science and Economic Development Canada
C.D. Howe Building
235 Queen Street, 4th Floor
Ottawa, Ontario K1A 0H5
Tweet us:
@AskISED
Date modified: