Compliance Reports: Bill 198

Document created by RSA Information Design and Development on May 25, 2016. Last modified by RSA Information Design and Development on Nov 15, 2018.
Version 169
 

Bill 198 empowers the Ontario Securities Commission to develop guidelines to protect investors in public Canadian companies by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.

Dependencies

The Bill 198 compliance reports have the following dependencies.

               
SA Rules

Accounts Created
Accounts Deleted
Accounts Modified
Group Management
Password Changes
Password Changes Summary
User Access Revoked
Admin Access to Compliance Systems Details
Admin Access to Compliance Systems Summary
Access To Compliance Data Details
Access to Compliance Data Summary
User Access to Compliance Systems Details
User Access to Compliance Systems Summary
Logon Failures Details
Logon Failures Summary
Change in Audit Settings

App Rules

account:created
account:deleted
account:modified
account:group-management
access:user-access-revoked
account:password-change
account:logon-failure
config:change-audit-setting
account:logon-success
alm:cardholder-data

Citations

The Bill 198 reports have the following citations.

                                                                                             
Report Rule | Citation Number | Citation Description
Accounts Created | Bill 198 |
Accounts Deleted | Bill 198; ISO 27002 - 11.1.1, 11.2.2, 11.4.6, 11.6.1 | An access control policy should be developed and should state the access control rules and rights for all users and groups. Both logical and physical access controls should be used.
Accounts Modified | Bill 198 |
Group Management | Bill 198; ISO 27002 - 11.1.1, 11.2.2, 11.4.6, 11.6.1 | An access control policy should be developed and should state the access control rules and rights for all users and groups. Both logical and physical access controls should be used.
Account Management | Bill 198 |
Admin Access to Compliance Systems - Detail | Bill 198; ISO 27002 - 10.10.4 | All activities by System Administrators and System Operators should be logged.
Admin Access to Compliance Systems - Top 25 | Bill 198; ISO 27002 - 10.10.4 | All activities by System Administrators and System Operators should be logged.
Change in Audit Settings | Bill 198; ISO 15408-2 | The system should ensure that security policy enforcement functions succeed before functions are allowed to proceed.
Access to Compliance Data - Detail | Bill 198 |
Access to Compliance Data - Top 25 | Bill 198 |
Logon Failures - Detail | Bill 198; ISO 27002 - 11.5.1 | All successful and unsuccessful logon attempts should be recorded.
Logon Failures - Top 25 | Bill 198; ISO 27002 - 11.5.1 | All successful and unsuccessful logon attempts should be recorded.
Password Changes - Detail; Password Changes - Top 25 | Bill 198 |
User Access Revoked | Bill 198; ISO 27002 - 11.2.1 | Users who have changed jobs or left the organization should have their access rights removed immediately.
User Access to Compliance Systems - Detail | Bill 198; ISO 27002 - 11.5.1 | All successful and unsuccessful logon attempts should be recorded.
User Access to Compliance Systems - Top 25 | Bill 198; ISO 27002 - 11.5.1 | All successful and unsuccessful logon attempts should be recorded.