All Published Standards

Every published standard listed by subject area.

Note that all standards published before January 30, 2023 remain valid and designated CIOSC under the authority of the CIO Strategy Council. These standards when updated as new editions will be published by the Digital Governance Standards Institute. 

Agricultural Blockchain

CIOSC/TS 114, Technical Specification for Agricultural Blockchain – Traceability of Canola Through the Canadian Supply Chain

This Specification presents a set of requirements to manage the traceability of canola, from crop production through handling and processing to retail distribution for consumers. 
Read more

Automated Decision Systems (AI)

CAN/CIOSC 101, Ethical Design and Use of Automated Decision Systems

Protecting human values and incorporating ethics in the design and use of automated decision systems (AI).
Read more

DGSI /WA 126, Baseline Requirements for Vendors Offering AI/ML Lifecycle Solutions to Financial Institutions

Setting baseline requirements will enable vendors to understand FIs assessment criteria when outsourcing AI lifecycle solutions. The baseline requirements in this workshop agreement will identify specific criteria arising in the context of FIs compliance, operational, and reputational risk management requirements. The workshop agreement is intended to be used by third-party vendors offering AI/ML solutions to FIs
Read more


CAN/DGSI 120: Use of Biometrics for Authentication

This standard proposes to explain various attacks on remote biometric systems and how they can be mitigated

Read more

Connected Cities

CAN/DGSI 106-1, Connected Cities – Part 1: Discovery of Digital Twins for Built Environments

The CAN/DGSI 106 series of Standards specifies minimum requirements for the discovery and
management activities for context-rich, digital representations of built environments (i.e., digital twin).

The following are within the scope of CAN/DGSI 106-1:

  • Acquiring, collection, and organization of information and data on different subsystems and protocols used to discover and define built environments.
  • Acquiring data, documentation, and maintenance of a master set of relevant location mappings of a given built environment, including the association of physical assets to a specific location.

Read more


CAN/CIOSC 104, Baseline Cyber Security Controls for Small and Medium Organizations

Specifies a minimum set of cyber security controls for businesses with less than 500 employees.
Read online

CAN/DGSI 105, Cybersecurity of Industrial Internet of Things (IIoT) Devices

Cybersecurity controls for IIoT devices to meet requirements for security, safety, confidentiality, integrity, and availability. 
Read more

CAN/DGSI 118: Cyber Resiliency in Healthcare

Standards that support cyber resiliency in Canada’s healthcare system and address cybersecurity threats.
Read more

Data Governance

CAN/DGSI 100-1, Data Governance – Part 1: Data Centric Security

Minimum requirements for products and/or services providing data protection of digital assets.
Read more

CAN/DGSI 100-2, Data Governance – Part 2: Third-Party Access to Data

Specifies minimum requirements and a set of privacy controls for third-party access to data.
Read more

CAN/DGSI 100-4, Data Governance – Part 4: Scalable Remote Access Infrastructure

Helps organizations mitigate security risks associated with enterprise technologies used for remote access. 
Read more

CAN/CIOSC 100-6, Data Governance – Part 6: The Responsible Use of Digital Contact Tracing, Monitoring Data in the Workplace

Acceptable and responsible collection and use of contact tracing and monitoring data in the workplace. 
Read more

CAN/DGSI 100-7, Data Governance – Part 7: Operating model for responsible data stewardship

Stewardship, accountability and management of data whenever a legal entity collects, uses or shares it. 
Read more

CAN/DGSI 100-8: Data Governance – Part 8 – Framework for Geo-Residency and Sovereignty

Specifies minimum requirements for organizations to protect data assets that reside in foreign entities.  
Read more

CAN/CIOSC 100-9, Data Governance - Part 9: Zero-Copy Integration

This standard specifies implementation methods for zero copy integration, sharing, and exchange of data.

Read more

CAN/DGSI 117, English-French Lexicon for Digital Governance and Technologies

Defines terms used in digital governance and technologies in both English and French to ensure they are aligned.
Read more

Digital Assets and Nonfungible Tokens

Standard title

Coming soon
Read more

Digital Credentials

DGSI/TS 115,Technical Specification for Digital Credentials and Digital Trust Services

Ensures that digital credentials and trust services are interoperable and create a seamless experience for users. 
Read more

Digital Skills

CAN/DGSI 112, National Occupational Standard for Cybersecurity

Requirements for entry-level qualifications for cybersecurity professionals, including those working in IT security.
Read more

Digital Trust & Identity

CAN/DGSI 103-1, Digital Trust & Identity – Part 1: Fundamentals

This Standard specifies requirements for maintaining trust in digital services that assert or consume data on identities of people and organizations. 
Read more

CAN/DGSI 103-2, Digital Trust & Identity – Part 2: Delivery of Healthcare Services

Federating the exchange of health information between systems.
Read more

Electoral Voting Technolgies

DGSI 119-1: Standard for Vote Tabulators

This standard specifies minimum technical requirements for technology currently used in Ontario provincial elections for vote tabulators. 
Read more

DGSI 119-2: Standard for Electronic Poll Books

This proposed standard will specify minimum technical requirements for voting technology and equipment currently used in Ontario provincial elections for electronic poll books. 
Read more

Health Data & Information

CAN/DGSI 100-5, Data Governance – Part 5: Health Data and Information Capability Framework

Guidance to health information organizations on the collection, use, storage, protection, and distribution of data. 
Read more

Impact Statement

DGSI/TS 122, Technical Specification (TS) for Impact Statements for profit-oriented entities

This Specification describes the basis for presentation of impact statements to ensure comparability both with the entity’s impact statements of previous periods and with the impact statements of other entities.

Read More

Modern Procurement

CAN/DGSI 108, Agile and open procurement of digital solutions

This Standard aims to specify minimum requirements for preparing, developing, and conducting challenge-based, agile and open procurement of digital products and services.

This Standard defines a framework for organizations evaluating the suitability of digital product and service providers using “challenge-based” criteria. This methodology requires organizations sourcing digital, technological, research-based and defence products and services to illustrate desired outcomes rather than issuing prescriptive requirements.

Read more

Online Electoral Voting

Standard title

Coming soon
Read more

Open Finance

CAN/DGSI 110-1, Open Finance – Part 1: Customer Experience

This Standard specifies minimum requirements for planning, designing, developing, implementing, maintaining, and improving the customer experience surrounding access to customer banking, transaction, and other financial data from bank and non-bank financial institutions.

This Standard is applicable to financial product- and service-related organizations. It is intended for use by any organization regardless of its type or size, or the financial products and/or services it provides, including third-party providers that design products or services to facilitate access to customer banking, transaction, and other financial data from bank and non-bank financial institutions.

This Standard includes provisions on design and experience principles, authentication, authorization, consent, and data portability. 
Read more

Privacy & Access Control

CAN/DGSI 109-1, Privacy – Part 1: Qualification and Proficiency of Access-to-Information, Privacy, and Data Protection Professionals

This Standard specifies minimum requirements for qualification and proficiency of privacy and access control professionals.

This Standard defines a framework for individuals seeking to demonstrate their competencies and qualifications as access-to-information, privacy, and data protection professionals, as well as organizations seeking to offer training and certification programs.

This Standard applies to professionals in all sectors, including public and private companies, government entities, not-for-profit and charitable organizations.
Read more

CAN/DGSI 109-2, Privacy - Part 2: Canadian information Privacy Protection Framework

Minimum requirements for organizations that handle personal information in Canada.

Read more

Scroll to Top

This website uses cookies to improve your experience. By using our website you agree to our Cookie Policy

This website uses cookies to improve your experience. By using our website you agree to our Cookie Policy