Frequently asked questions

What is CyberSecure Canada?

CyberSecure Canada is Canada's only cyber certification program.

Why was CyberSecure Canada created?

Industry stakeholders and Canadians voiced concerns over Canada's cybersecurity resilience. The CyberSecure Canada program aims to promote trust in Canada's digital economy, both domestic and foreign.

What does it mean to be certified?

A certified organization has put in place the certification requirements of the 13 security control areas developed by the Canadian Centre for Cyber Security, Canada's cybersecurity experts.

Is certification mandatory?

No, certification is voluntary. However, certification will help improve an organization's level of cybersecurity.

Who can become certified?

All organizations in Canada are eligible for the certification program.

How can my organization become certified?

Secure your organization by implementing certification requirements; request your audit by an accredited certification body; get certified for two years.

How long will it take for my organization to become certified?

This will vary depending on your organization's current level of cybersecurity readiness, as well as its ability to implement the security controls.

How long is my certification valid?

Certification is valid for two years.

How much will the certification cost?

Accredited certification bodies set the certification price. To learn more, contact the accredited certification bodies directly.

How will Canadians know my organization is certified?

Certified organizations can choose to display a digital and/or decal certification mark. Certified organizations can also choose to be included in our certified organizations database.

What is an accredited certification body?

Accredited certification bodies are both public and private organizations accredited by the Standards Council of Canada. These accredited bodies evaluate a business's implementation of the program's certification requirements.

What are security control areas?

The security control areas list the requirements for certification. Each of the 13 security control areas include anywhere from one to eight certification requirements that are based on cybersecurity best practices.

What is an audit?

An audit is an assessment of your organization's implementation of the certification requirements.

Who can perform my audit and how can I request one?

An accredited certification body must complete the audit. To request an audit, you must implement the certification requirements and then register in the CyberSecure Canada portal. You will then choose your accredited certification body to perform the audit.

Are my audit results made public? Does the Government of Canada see my results?

No, the results of your audit and the documentation provided to your accredited certification body are not made public. If your organization chooses, you can display the certification mark and choose to be included in the certified organizations database.

What do I do if I am involved in a cyber incident?

If you have been involved in a cyber incident, you should follow the direction of the Canadian Centre for Cyber Security.

What should I expect if I am a Cyber Essentials Certified company?

If you are already a Cyber Essentials Certified company, please contact CyberNB.

How do I contact CyberSecure Canada?

Contact us.