Baseline Cyber Security Controls for Small and Medium Organizations
CAN/CIOSC 104: 2021
What this Standard Covers
This Standard specifies a minimum set of cyber security controls intended for small and medium organizations, which typically have less than 500 employees.
About this Standard
Intended for Conformity Assessment?
Download This Standard
Our standards are always free for non-commercial use.
Note that all standards published before January 30, 2023 remain valid and designated CIOSC under the authority of the CIO Strategy Council. These standards when updated as new editions will be published by the Digital Governance Standards Institute.
This standard is subject to technical committee review beginning no later than one year from the date of publication. The completion of the review may result in a new edition, revision, reaffirmation or withdrawal of the standard.