CIO Strategy Council Announces Approval of National Standard of Canada for Third-Party Access to Data

TORONTO, May 6, 2020 – The CIO Strategy Council is pleased to announce the publication of the new National Standard of Canada for third-party access to data that will help organizations create a trust environment for their third-party interactions and help secure their data assets.

Increasingly, organizations are relying on integration with third-party suppliers and vendors to help them perform business critical tasks from email, service delivery, supplementing staff or augmenting functionality. Without proper safeguards in place, this leaves them vulnerable to data breaches and improper conduct, placing organizations at a risk to their reputation, data safety and even operations.

CAN/CIOSC 100-2:2020 was prepared by the Council’s Technical Committee on Data Governance, comprised of over 100 experts and thought leaders cutting across industry, government, academia and civil society.

“As COVID-19 makes industries, governments and businesses adapt to a remote workforce, the Government of Canada looks to ensure that Canadians can trust that their personal information and data remains safe,” said the Honourable Navdeep Bains, Minister of Innovation, Science and Industry. “Through the Digital Charter, we have laid out principles that are guiding our work as we update our laws and standards. I’m pleased to see the CIO Strategy Council advance that work through the development of this national standard, offering businesses the guidelines and framework to ensure that their remote, third-party interactions, and the information shared in the process, are safe.”

“Data integration and open collaboration requires a trust environment where organizations, customers and the public alike can have the highest confidence that their data assets are secured from potential breaches” said Keith Jansa, the Executive Director of the CIO Strategy Council. “This new National Standard of Canada, CAN/CIOSC 100-2, provides organizations the right set of controls to secure their third-party interactions.”

This National Standard of Canada specifies minimum requirements and a set of privacy controls for third-party access to data that apply to all organizations, including public and private companies, government entities, and not-for-profit organizations.

This National Standard of Canada is available at no cost, in both of Canada’s official languages, and can be viewed here.


“Canada can and must create a successful framework for data governance that drives economic growth, while also addressing Canadians’ concerns regarding privacy and security measures. A strong baseline of Canadian trust – is a cornerstone of our growing digital economy. I applaud The CIO Strategy Council’s leadership in making this critical foundation a reality.” – Angela Mondou, President and CEO of TECHNATION.

“As a member of the CIO Strategy Council, we are proud to have been a primary contributor to this essential standard to create a trusted environment for third-party data access. At Tehama, we provide solutions that secure and audit all third-party access to data and systems. The CIO Strategy Council is driving a very innovative standard for third-party data access that, when adhered to, will differentiate Canadian organizations in the global market due to the enhanced duty of care to prevent data breaches and IP theft.”Paul Vallée, CEO of Tehama.

About CIO Strategy Council
The Council Strategy Council (CIOSC) provides a forum for Canada’s most forward-thinking Chief Information Officers to focus on collectively transforming, shaping, and influencing the Canadian information and technology ecosystem. The Council has deployed a nationally-accredited, agile, and consensus-based standards-setting process that matches the speed of innovation and advancement in ICT. Learn more at


For more information:

Madi Murariu
Vice President, Strategic Initiatives and Partnerships
CIO Strategy Council

Share This Article

Scroll to Top

This website uses cookies to improve your experience. By using our website you agree to our Cookie Policy

This website uses cookies to improve your experience. By using our website you agree to our Cookie Policy