Office of the Superintendent of Financial Institutions
The Office of the Superintendent of Financial Institutions (OSFI) has identified cyber risk as a key issue in its
Annual Risk Outlook – Fiscal Year 2023-2024.
OSFI is issuing a draft version of an advisory titled
Technology and Cyber Security Incident Reporting (Advisory) and its
accompanying incident reporting form (Incident Report). The Advisory sets out OSFI’s expectations for when and how a technology or cyber incident that affects a federally regulated private pension plan (FRPP) should be reported to OSFI.
Questions and comments concerning this Advisory and Incident Report should be sent to
email@example.com. A non-attributed summary of comments received along with OSFI’s responses will be posted on OSFI’s website when the final Advisory and Incident Report are released. Comments should be provided no later than September 30, 2023.
Any reporting of a technology or cyber incident affecting an FRPP should be submitted to OSFI (firstname.lastname@example.org) using the draft Incident Report until it is replaced by the final version.
Henri Boudreau Managing Director, Insurance and Pensions