All Published Standards
Every published standard listed by subject area.
Note that all standards published before January 30, 2023 remain valid and designated CIOSC under the authority of the CIO Strategy Council. These standards when updated as new editions will be published by the Digital Governance Standards Institute.
This Specification presents a set of requirements to manage the traceability of canola, from crop production through handling and processing to retail distribution for consumers.
Automated Decision Systems (AI)
Protecting human values and incorporating ethics in the design and use of automated decision systems (AI).
Setting baseline requirements will enable vendors to understand FIs assessment criteria when outsourcing AI lifecycle solutions. The baseline requirements in this workshop agreement will identify specific criteria arising in the context of FIs compliance, operational, and reputational risk management requirements. The workshop agreement is intended to be used by third-party vendors offering AI/ML solutions to FIs
The CAN/CIOSC 106 series of Standards specifies minimum requirements for the discovery and
management activities for context-rich, digital representations of built environments (i.e., digital twin).
The following are within the scope of CAN/CIOSC 106-1:
- Acquiring, collection, and organization of information and data on different subsystems and protocols used to discover and define built environments.
- Acquiring data, documentation, and maintenance of a master set of relevant location mappings of a given built environment, including the association of physical assets to a specific location.
Specifies a minimum set of cyber security controls for businesses with less than 500 employees.
Cybersecurity controls for IIoT devices to meet requirements for security, safety, confidentiality, integrity, and availability.
Standards that support cyber resiliency in Canada’s healthcare system and address cybersecurity threats.
Minimum requirements for products and/or services providing data protection of digital assets.
Specifies minimum requirements and a set of privacy controls for third-party access to data.
Helps organizations mitigate security risks associated with enterprise technologies used for remote access.
Acceptable and responsible collection and use of contact tracing and monitoring data in the workplace.
Stewardship, accountability and management of data whenever a legal entity collects, uses or shares it.
Specifies minimum requirements for organizations to protect data assets that reside in foreign entities.
This standard specifies implementation methods for zero copy integration, sharing, and exchange of data.
Defines terms used in digital governance and technologies in both English and French to ensure they are aligned.
Digital Assets and Nonfungible Tokens
Ensures that digital credentials and trust services are interoperable and create a seamless experience for users.
Digital Trust & Identity
This Standard specifies requirements for maintaining trust in digital services that assert or consume data on identities of people and organizations.
Federating the exchange of health information between systems.
Electoral Voting Technolgies
Health Data & Information
Guidance to health information organizations on the collection, use, storage, protection, and distribution of data.
This Specification describes the basis for presentation of impact statements to ensure comparability both with the entity’s impact statements of previous periods and with the impact statements of other entities.
This Standard aims to specify minimum requirements for preparing, developing, and conducting challenge-based, agile and open procurement of digital products and services.
This Standard defines a framework for organizations evaluating the suitability of digital product and service providers using “challenge-based” criteria. This methodology requires organizations sourcing digital, technological, research-based and defence products and services to illustrate desired outcomes rather than issuing prescriptive requirements.
Online Electoral Voting
This Standard specifies minimum requirements for planning, designing, developing, implementing, maintaining, and improving the customer experience surrounding access to customer banking, transaction, and other financial data from bank and non-bank financial institutions.
This Standard is applicable to financial product- and service-related organizations. It is intended for use by any organization regardless of its type or size, or the financial products and/or services it provides, including third-party providers that design products or services to facilitate access to customer banking, transaction, and other financial data from bank and non-bank financial institutions.
This Standard includes provisions on design and experience principles, authentication, authorization, consent, and data portability.
Privacy & Access Control
This Standard specifies minimum requirements for qualification and proficiency of privacy and access control professionals.
This Standard defines a framework for individuals seeking to demonstrate their competencies and qualifications as access-to-information, privacy, and data protection professionals, as well as organizations seeking to offer training and certification programs.
This Standard applies to professionals in all sectors, including public and private companies, government entities, not-for-profit and charitable organizations.