Information security management — Guidelines for cyber-insurance
Scope:
This document provides guidelines when considering purchasing cyber-insurance as a risk treatment option to manage the impact of a cyber-incident within the organization’s information security risk management framework.
This document gives guidelines for:
a) considering the purchase of cyber-insurance as a risk treatment option to share cyber-risks;
b) leveraging cyber-insurance to assist manage the impact of a cyber-incident;
c) sharing of data and information between the insured and an insurer to support underwriting, monitoring and claims activities associated with a cyber-insurance policy;
d) leveraging an information security management system when sharing relevant data and information with an insurer.
This document is applicable to organizations of all types, sizes and nature to assist in the planning and purchase of cyber-insurance by the organization.
Project need:
To review the Standard within the required 5 year period.
Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.
Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.