CIRO Cybersecurity Self-Assessment Tool for CIRO Dealer Members

Overview

CIRO is committed to supporting the Canadian investment industry with education on cybersecurity risk. As part of this commitment, CIRO has updated the cybersecurity self-assessment tool (self-assessment tool) that was developed in 2022 primarily for our small and medium-sized dealer members to assess their own cybersecurity preparedness and identify areas for improvement.

Key updates

The updated self-assessment tool maintains the structure of the original questionnaire for consistency and features the following enhancements:

• updates to align the questionnaire with Cybersecurity Maturity Model Certification (CMMC) version 2.0 and International Organization for Standardization (ISO) 27001:2022.
• reporting aligned to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0.
• comparative reporting to prior assessments based on CMMC and ISO 27001.

Accessing the self-assessment tool

The self-assessment tool is available to CIRO dealer members. The dealer member’s UDP, CFO, or CCO can request a copy of the self-assessment tool from CIRO by filling out this form.

Self-assessment tool results

The results of the self-assessment will provide an indication of the relative risk associated with the collection of cybersecurity measures protecting the CIRO dealer member being assessed.

These results will be summarized in three main reports:

• Domain area by Risk
• Assessment results by Domain
• Assessment results by Capability

CIRO expectations on use

The use of the self-assessment tool is voluntary. However, given the ever-growing threat of cyberattacks and risk of cyber breaches, we strongly encourage that all dealer members conduct a cybersecurity self-assessment as often as needed but at least once every two years to assess their posture and maturity and identify any critical gaps.

Additional resources

You can get further information on the self-assessment tool by

1. watching a short instructional video to provide guidance on how to use the self-assessment tool.
2. sending questions on the self-assessment tool to cyberquestions@ciro.ca.
3. referring to the Cybersecurity & Technology section of our website for additional guides and resources that will help protect you and your clients against cybersecurity threats and attacks.