On Jan. 15, 2025, C-OSFI reported that new incident reporting form will be effective on Apr. 1, 2025; should continue using the old incident reporting form until that date.
On Jun. 30, C-OSFI issued draft cyber/tech incident reporting form.
C-OSFI issued draft cyber/tech incident advisory and reporting form for pension plans.
Incident Form
C-OSFI issued an advisory and reporting form with guidance for how or when to report a cyber incident that affects a federally regulated private pension plan (FRPP).
Admins should complete/send a report to within 24 hours of discovering an incident.
If all information not available, state not yet available but enter/estimate known data.
Comment Period
Comments on the advisory and draft reporting form should be sent by Sep. 30, 2023.
Summary of comments and OSFI responses will be posted on the OSFI website.
Jan. 2025 C-OSFI Reporting Form
On Jan. 15, 2025, C-OSFI reported that new incident reporting form will be effective on Apr. 1, 2025; should continue using the old incident reporting form until that date.
