BC Financial Services Authority Revises Their Information Security And Outsourcing Guidelines

Lawson Lundell LLP

Contributor

Lawson Lundell is a leading full-service law firm, known for our strategic approach to legal services. With over 160 lawyers, and offices in Vancouver, Calgary, Yellowknife and Kelowna, we are widely recognized for our depth of experience and innovative solutions to complex business law and litigation matters across various sectors.

In response to industry feedback after its initial release of the Information Security Guideline, BC Financial Services Authority (BC FSA) has issued:

  1. A revised version of the Information Security Guideline and
  2. The new Outsourcing Guideline.

BC FSA advised in its Advisory 21-015 that accompanied the revised Information Security Guideline that the revisions reflect the response from the pension sector. The revised Information Security Guideline distinguishes between B.C. credit unions, insurance and trust companies on the one hand and pension plan administrators on the other. The prior version of the Information Security Guideline applied equally to all of those entities, despite the differences in their scope, purpose and operational structures.

The revised Information Security Guideline still provides useful guidance to each of the entities to which it applies on information security issues, including:

  • Maintaining a risk management program;
  • Identifying the information security risks in respect of systems, people, assets, data and capabilities;
  • Protecting data and systems in light of the sensitivity and value of the data and information;
  • Establishing monitoring processes to detect information security incidents;
  • Developing response and recovery processes; and
  • Communicating with the BC FSA about "major" information security incidents.

The Outsourcing Guideline is a new document that sets out BC FSA's expectations for pension plan administrators (and insurance companies, trust companies and credit unions) that outsource one or more of their activities or functions. The Outsourcing Guideline sets out the BC FSA's expectations for pension plan administrators in respect of:

  • Conducting and documenting a materiality assessment for outsourcing arrangements;
  • Ensuring that policies for oversight of outsourced arrangements are documented;
  • Establishing contracts for outsourced, material functions;
  • Documenting how performance by the service provider will be measured;
  • Considering the qualifications of service providers;
  • Considering and managing the risks associated with material outsourcing arrangements; and
  • Ensuring that applicable records-related rules are followed by the service provider.

The BC FSA welcomes feedback on the revised Information Security Guideline and on the Outsourcing Guideline by July 17, 2021.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
