OSFI – Intelligence Led Cyber Resilience Testing (I-CRT) framework
Effective date: |
Issued April 21, 2023 |
Last updated: |
April 2023 |
Overview
On April 21, 2023, the Office of the Superintendent of Financial Institutions (OSFI) released this framework to help identify areas where the financial sector could be vulnerable to sophisticated cyber-attack. The Intelligence Led Cyber Resilience Testing (I-CRT) framework outlines a methodology and serves as an implementation guide for federally regulated financial institutions (FRFIs) conducting I-CRT assessments.
Under the I-CRT framework, OSFI provides guidance and oversight throughout the assessment, while FRFIs manage overall testing. Consistent with OSFI’s Guideline B-13 – Technology and Cyber Risk Management, OSFI expects FRFIs to have measures in place that create resilience against cyber attacks and disruptions. The I-CRT framework is a supervisory tool that supplements Guideline B-13 with I-CRT assessments that allow FRFIs to proactively identify and address issues with their cyber resilience.
The I-CRT framework currently applies to Canada’s systemically important banks (SIBs) and internationally active insurance groups (IAIGs). OSFI recommends that these institutions conduct an I-CRT assessment at least once during each three-year supervisory cycle, beginning in 2023.
Review the press release and the Framework on OSFI's Web site.
Recent developments
Date |
Development |
Comments |
April 21, 2023 |
OSFI issued its Intelligence Led Cyber Resilience Testing (I-CRT) framework |
For further details refer to the OSFI press release. |
Amendments under consideration
- None