Interested in participating and helping to shape CIO Strategy Council standards?
Please contact Keith Jansa, Executive Director, to get involved.
Posting Date: CIOSC Standards No. Title Scope Project Need
2019-06-05 CAN/CIOSC 100-n Series of standards for data governance This proposed series of standards aims to specify minimum requirements for the acceptable and ethical use of data within and exchanged between organizations, including its availability, collection, usability, consistency, integrity and security. This standard applies to the governance of current and future use of data that is created, collected, stored or controlled by ICT systems, and impacts the management processes and decisions relating to data. Considerations are given to:
Data collection, organization and grading: addressing records inventories; devices, sensors, and systems inventories; data organization, classification and taxonomy; data mapping and secondary uses; cataloguing data holdings from different sources; identifiers and categorizations as reference information; and data quality;
Data access, sharing, interoperability, privacy, protection and retention: addressing data exchange; access rights and credentials; data pools, data trusts and data marts; anonymization of data sources; consent receipts, and IoT devices and systems;
Data analytics and solutions: addressing collaborative approaches to develop, prototype, commercialize and license new solutions stemming from data analytics for the benefit of participants in already established supply chains.
Sector specific requirements: addressing differences in how each sector of Canada’s economy (e.g., resources of the future; advanced manufacturing; health and biosciences; agri-food; smart cities) operates from objectives, constraints, and legacy systems to regulatory frameworks and cultures.
Organizations are calling for guidance and market certainty, including Canada’s economic strategy tables to: create new data streams through the deployment of IoT devices across supply chains; share data between organizations in safe and secure ways; and gain insights from secondary uses of existing datasets.
Over the past year, several themes (e.g., data ownership, interoperability, trustworthiness, cybersecurity, etc.) associated with sound data governance have emerged. Consistent requirements and guidance on these themes are necessary to create a comprehensive governance framework for data governance.
2019-06-05 CAN/CIOSC 100-1 Data governance – Data protection of digital assets This proposed standard aims to specify minimum requirements for the data protection of all digital assets at-rest, in-motion, and in-use across platforms (e.g., endpoints, mobile, cloud), facilitating secure sharing and collaboration across different IT systems within and between organizations. The data protection market is driven by growth of enormous amount of data, proliferation of devices, need for data security and privacy, new regulations and rising concerns of critical data loss in the on-premises environment. There is a growing need to protect confidential and sensitive data of these critical sectors, relating to government, prime contractors, suppliers, personally identifiable information, client trade secrets, details on mergers and acquisitions, media assets, designs, Intellectual Property, which if it falls in the wrong hands can be detrimental to the organization.
2018-07-31 CAN/CIOSC 100-2 Data governance - Data access and privacy This proposed standard aims to specify minimum requirements for the collection, maintenance, sharing, and use of big data by applications, software, sensors, and any other means of data collection used for informational analysis, including, but not limited to machine learning, computer vision, deep learning or other kinds of analysis. Data collection and use has proliferated at alarming speeds with the launch of online platforms, smart devices and everything Internet of Things (IoT). The evolving technology landscape has transformed the way in which data, personal, corporate or otherwise, is accessed, used and monetized. The need to ensure the ethical and responsible use of big data has never been greater.
2019-06-05 CIOSC 102 Qualification and certification of big data and machine learning personnel This proposed standard aims to specify minimum requirements for the qualification and certification of personnel who perform big data analytics and develop machine learning algorithms. Employer demand for talent with machine learning (ML) and artificial intelligence (AI) skills has already risen dramatically. The current talent pool for ML and AI is finite. This is a reality that both smaller companies and larger enterprises in the sector looking to hire for these skill sets are feeling the impact of, resulting in calls for a common set of requirements for the qualifications of big data and machine learning personnel.
2019-10-08 CAN/CIOSC 103-1
Digital trust and identity – Part 1: Fundamentals
Digital identity and trust – Part 2: Delivery of health care services
This proposed national standard (Part 1) aims to specify minimum requirements and a set of controls for developing, implementing, operating, monitoring, and governing trust in systems and services that consume and assert digital identity within and between organizations.
This proposed national standard (Part 2) aims to specify minimum requirements for a user-centric, interoperable health network that securely binds a health care identity to strong digital credentials to facilitate appropriate and user directed sharing of that identity and associated data between approved digital services on-demand.
While identity and risk can be largely mitigated by default in the physical world through closed and fragmented systems, established standards and regulatory safeguards, the same cannot be said in an online world. In the absence of a national standard, public and private sector organizations are continuing to rely on organization-specific, vendor-driven and ad-hoc document-based identity management processes, impacting integrity, security, privacy, trust, and service delivery.
2019-12-11 CAN/CIOSC 104 Baseline Cyber Security Controls for Small and Medium Organizations This proposed standard aims to specify a minimum set of cyber security controls for small and medium organizations. Supports Canada’s National Cyber Security Strategy and Canada’s CyberSecure Program.