Lois et règlements codifiés
Lois codifiées
Règlements codifiés
Lois et règlements annuels
Lois annuelles
Règlements annuels
Information complémentaire
L’Éditeur officiel du Québec
Quoi de neuf?
Note d’information
Politique du ministre de la Justice
Lois : Modifications
Lois : Dispositions non en vigueur
Lois : Entrées en vigueur
Lois annuelles : Versions PDF depuis 1996
Règlements : Modifications
Règlements annuels : Versions PDF depuis 1996
Décisions des tribunaux
A-8.2, r. 0.1 - Regulation respecting the management and reporting of information security incidents by certain financial institutions and by credit assessment agents
FrançaisArticle 3
Versions de la disposition
3. A financial institution or a credit assessment agent must develop and implement an information security incident management policy that includes, without limitation, procedures and mechanisms for detecting, assessing and responding to information security incidents that may occur within the institution, a credit union that is a member of a federation, the credit assessment agent, or a third party to which such institution, credit union that is a member of a federation, or credit assessment agent has entrusted the performance of any part of an activity, if the incident affects the activity entrusted to such third party.
The information security incident management policy shall also contain a procedure for the reporting of information security incidents to the officers or, where applicable, the managers of the financial institution or the credit assessment agent, including a procedure for the reporting of such incidents thereto when they occur within a credit union that is a member of a federation or a third party referred to in the first paragraph.
Furthermore, the policy must include a procedure for the reporting of incidents to any other stakeholders, including clients, third parties to which the institution or agent has entrusted the performance of any part of an activity, consumers, the Autorité des marchés financiers, and any other regulatory bodies.
In force: 2025-04-23
3. A financial institution or a credit assessment agent must develop and implement an information security incident management policy that includes, without limitation, procedures and mechanisms for detecting, assessing and responding to information security incidents that may occur within the institution, a credit union that is a member of a federation, the credit assessment agent, or a third party to which such institution, credit union that is a member of a federation, or credit assessment agent has entrusted the performance of any part of an activity, if the incident affects the activity entrusted to such third party.
The information security incident management policy shall also contain a procedure for the reporting of information security incidents to the officers or, where applicable, the managers of the financial institution or the credit assessment agent, including a procedure for the reporting of such incidents thereto when they occur within a credit union that is a member of a federation or a third party referred to in the first paragraph.
Furthermore, the policy must include a procedure for the reporting of incidents to any other stakeholders, including clients, third parties to which the institution or agent has entrusted the performance of any part of an activity, consumers, the Autorité des marchés financiers, and any other regulatory bodies.
