CAN/DGSI 100-8:2023
This Standard aims to specify the minimum requirements for Organizations to protect data assets in
their custody from jurisdictional risks, while taking advantage of the global technology ecosystem.
The Standard is not intended to prescribe how an Organization should implement specific security
controls. Instead, the standard will guide Organizations using jurisdictional and technology-agnostic
approaches that can be adapted to address specific business requirements.
Considerations are given to:
? Identification and categorization of data assets;
? Development of an appropriate threat model;
? Identification of potential risks, including from laws in foreign jurisdictions; and
? Options to mitigate associated risks.
This Standard applies to all sectors, including public and private companies, government entities, and
not-for-profit Organizations.
This Standard assumes that the Organization implementing the following requirements has existing risk
management policies and procedures.
Note: For those applying the standard, where personally identifiable information (PII) is used in the
standard, local jurisdictional, legal and/or regulatory definitions shall apply.
OEN:
INGN
Langue:
English
Code(s) de l'ICS:
35.020;
35.030
Statut:
Norme
Date de Publication:
2023-04-30
Numéro Standard:
CAN/DGSI 100-8:2023