The Baseline Cyber Security Controls for small and medium-sized organizations is called CAN/CIOSC 104 and was issued to protect against the increased level of cyber risk faced.

If you are a small and medium-sized organization in Canada (i.e. an organization with less than 500 employees), you should comply with CAN/CIOSC 104 National Standard of Canada in order to mitigate cyber risk.

Small and medium-sized organizations are the growth engine of the economy and create more jobs than other types of organizations and are increasingly the target of cyber attackers and are falling victim to attacks due to limited resources and knowledge about cybersecurity.

CAN/CIOSC 104: Cyber Security Canada


CAN/CIOSC 104 provides for a baseline of 55 cyber security controls.

If an organization’s risk profile is low, 24 controls are prescribed under level 1.

If an organization’s risk profile is moderate or high, the 24 controls, plus an additional 31 are prescribed, for a total of 55 controls under level 2.

CAN/CIOSC 104 prescribes a compliance and risk assessment, and implementation of a variety of cyber security controls to prevent, detect and respond to cyber threats. Also, training of employees.

CAN/CIOSC 104: Continuous Compliance Assessment

As a small and medium-sized business (SMB), you may not know which standard to follow, which controls to implement or how-to and you have limited resources.

This is where CyberCatch comes in. CyberCatch platform helps you implement the necessary controls so you can stay safe from attackers and focus on growing your business.


Sign up for the CyberCatch Continuous Compliance Assessment (CCA) Solution to attain and maintain compliance with CAN/CIOSC and be safe from cyber threats.

CAN/CIOSC 104 control requirement also prescribes periodic review and/or testing of the controls implemented to ensure effectiveness.


Using CyberCatch is like having an armed security guard continuously checking that all your doors and windows are locked while also monitoring outside and inside with a video alarm system, so the burglar will not even try and will move on to another victim that is not secure.


CyberCatch SaaS Automated Controls Testing

Sign up for the Automated Controls Testing Solution to attain and maintain compliance with CAN/CIOSC and stay safe from cyber threats.


Annual subscription based on the number of employees.
Most-affordable pricing. Only one fee for either CCA or ACT. Pay annually and save:

1 - 50

$ 250 per month
  • or $2,500 / Annually
  • Savings 500

51 - 100

$ 500 per month
  • or $5,000 / Annually
  • Saving $1,000

101 - 250

$ 750 per month
  • or $7,500 / year
  • Saving $1,500

251 - 499

$ 1k per month
  • or $10,000 / year
  • Saving $2,000

Ready to Get Started?


CyberCatch’s Cyber Incident Simulator (CIS) Solution is comprised of an online 3D virtual table-top exercise to simulate a ransomware attack and test your incident response plan and ability as an organization to withstand such an attack and not suffer irreparable damage and not be able to recover.

No matter what type of an SMB you are. 

Now you can find and fix the deficiencies, before it is too late.

Annual subscription.
Updated periodically with new cyber threat scenarios.

Sign up and complete a virtual table-top exercise with your team in 90 minutes or less. You’ll get:

Sign up for the CyberCatchCyber Incident Simulator (CIS) to comply with CAN/CIOSC, but also strengthen your cyber resiliency so you can stay safe from cyber threats.

Ready to Get Started?

Cyber Incident Simulator (CIS)