CAN/DGSI 104 Compliance Services in Ontario

Protect your data, clients, and reputation from cyber threats by implementing Canada’s national baseline for cybersecurity.

What is CAN/DGSI 104?

CAN/DGSI 104:2021 / Rev 1:2024 is the National Standard of Canada that defines a minimum baseline of cybersecurity controls for small and medium organizations (typically 1–500 employees).

The standard provides a practical roadmap for building cybersecurity maturity in a scalable, step-by-step way. It is designed for conformity assessment and aligns with global frameworks such as NIST, ISO/IEC 27001, and PCI DSS.

Small and medium businesses are now a top target for cyberattacks in Canada. By following CAN/DGSI 104, businesses can strengthen resilience against cyberattacks, reduce risks, and build trust with clients, partners, and insurers.

Want the full checklist?

Our free CAN/DGSI 104 Summary PDF gives you a step-by-step outline of Level 1 and Level 2 controls. Perfect for business owners and managers who want to gauge where their company’s cybersecurity stands today.

Who Must Meet CAN/DGSI 104 Compliance Standards?

While not mandated by law, CAN/DGSI 104 is highly recommended for:

Small and Medium Businesses

Companies across all sectors with up to 500 employees.

Companies Seeking Cyber Insurance

Insurance providers have strict requirements for coverage.

Suppliers to Larger Enterprises 

Companies expect basic cybersecurity maturity from vendors. 

What Does CAN/DGSI 104 Cover?

The standard outlines a two-tiered approach to cybersecurity:

Level 1 (Foundational): Basic protections for organizations with limited IT resources, including:

  • leadership accountability
  • employee training
  • patching
  • backups
  • strong authentication
  • incident response planning

Level 2 (Advanced): Builds on Level 1 with more mature practices, including:

  • perimeter defenses
  • secure employee login management (centralized identity management)
  • vendor due diligence
  • secure cloud and mobile practices
  • automated change/access logs (log management)

Cybersecurity Essentials for CAN/DGSI 104 Compliance

Key responsibilities include:

Leadership & Accountability

Appointing a senior leader to oversee cybersecurity programs and resources.

Employee Training

Raising awareness on phishing, password hygiene, software updates, and least privilege.

Incident Response Planning

Having a documented, tested plan for responding to cyber incidents.

Data Protection & Backups

Encrypting sensitive data, storing secure backups, and testing recovery procedures.

Access & Authentication

Implementing MFA, secure password policies, and access control.

Vendor & Cloud Security

Assessing third-party risks and requiring security certifications or compliance evidence.

Take the First Step Toward CAN/DGSI 104 Compliance

Navigating cybersecurity standards can be complex, but our expert team makes it manageable. At allCare IT, we:

Contact us today to schedule a consultation and get started on the path to CAN/DGSI 104 compliance.
