BC Financial Services Authority Revises Their Information Security And Outsourcing Guidelines – Employment and HR


Canada:

BC Financial Services Authority Revises Their Information Security And Outsourcing Guidelines


To print this article, all you need is to be registered or login on Mondaq.com.

In response to industry feedback after its initial release of
the Information Security Guideline, BC Financial Services Authority
(BC FSA) has issued:

  1. A revised version of the Information Security
    Guideline
     and

  2. The new Outsourcing Guideline.

BC FSA advised in its Advisory 21-015 that
accompanied the revised Information Security Guideline that the
revisions reflect the response from the pension sector. The revised
Information Security Guideline distinguishes between B.C. credit
unions, insurance and trust companies on the one hand and pension
plan administrators on the other. The prior version of the
Information Security Guidelines applied equally to all of those
entities, despite the differences in their scope, purpose and
operational structures.

The revised Information Security Guideline still provides useful
guidance to help each of the entities to which it applies, in
relation to information security issues including:

  • Maintaining a risk management program;

  • Identifying the information security risks in respect of
    systems, people, assets, data and capabilities;

  • Protecting data and systems in light of the sensitivity and
    value of the data and information;

  • Establishing monitoring processes to detect information
    security incidents;

  • Developing response and recovery processes; and

  • Communicating with the BC FSA about “major”
    information security incidents.

The Outsourcing Guideline is a new document that sets out BC
FSA’s expectations for pension plan administrators (and
insurance companies, trust companies and credit unions) that
outsource one or more of their activities or functions. The
Outsourcing Guideline sets out the BC FSA’s expectations for
pension plan administrators in respect of:

  • Conducting and documenting a materiality assessment for
    outsourcing arrangements;

  • Ensuring that policies for oversight of outsourced arrangements
    are documented;

  • Establishing contracts for outsourced, material functions;

  • Documenting how performance by the service provider will be
    measured;

  • Considering the qualifications of service providers;

  • Considering and managing the risks associated with material
    outsourcing arrangements; and

  • Ensuring that applicable records related rules are followed by
    the service provider.

The BC FSA welcomes feedback on the revised Information
Security Guideline and on the Outsourcing Guideline by July 17,
2021.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Employment and HR from Canada

Employers Brace For A Rush To The Exit

Lawyers Financial

Nobody was planning for the pandemic, but everyone should be planning for what comes next. For Canada’s law firms, that includes preparing for a potential rush to the exits.