News & Updates

OSFI releases advisory with expectations for reporting technology or cyber security incidents that affect FRPPs

Authors:
BMKP Logo

July 26, 2023

A hologram of a large lock

The Office of the Superintendent of Financial Institutions (OSFI) recently released an advisory describing expectations for reporting technology or cyber security incidents that would affect a federally regulated private pension plan (FRPP).

When a cyber security or technology incident occurs, OSFI expects FRPP administrators to notify OSFI by filing the Technology and Cyber Incident Report for FRPPs (Incident Report). OSFI considers a technology or cyber security incident to be an incident that has an impact, or the potential to have an impact, on the operations of a FRPP, including its confidentiality, integrity or the availability of its systems and information.

The requirement to notify OSFI should be reflected in a FRPP's risk management framework or resiliency plan.

Questions and comments concerning this Advisory should be provided no later than September 30, 2023.

Find the full advisory by clicking on more information below:

More Information

Share
Print this Page icon

Read More

Coal/mine workers in Sask, Canada}

September 15, 2025
Arbitrator declines to hear union grievance over short-term disability provider's medical forms, citing jurisdictional limits
Upward graph on blue background}

September 12, 2025
Canadian pension plans return 0.6% in second quarter; median up 1.8% for the year-to-date: Northern Trust
Credit Union Dispute}

September 10, 2025
Union loses bid to compel employer to implement jointly sponsored pension plan as B.C. Supreme Court holds contract terminated by prior damages claim
Canadian Federal Govt}

September 08, 2025
Federal government's proposed amendments to Income Tax Act include pension-related changes

See More Media