Bill 198 empowers the Ontario Securities Commission to develop guidelines to protect investors in public Canadian companies by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.
Dependencies
The Bill 198 compliance reports have the following dependencies.
| SA Rules | App Rules |
|---|---|
| Accounts Created Accounts Deleted Accounts Modified Group Management Password Changes Password Changes Summary User Access Revoked Admin Access to Compliance Systems Details Admin Access to Compliance Systems Summary Access To Compliance Data Details Access to Compliance Data Summary User Access to Compliance Systems Details User Access to Compliance Systems Summary Logon Failures Details Logon Failures Summary Change in Audit Settings | account:created account:deleted account:modified account:group-management access:user-access-revoked account:password-change account:logon-failure config:change-audit-setting account:logon-success alm:cardholder-data |
Citations
The Bill 198 reports have the following Citations.
| Report Rule | Citation Number | Citation Description |
|---|---|---|
| Accounts Created | Bill 198 | |
| Accounts Deleted | Bill 198; ISO 27002 - 11.1.1, 11.2.2, 11.4.6, 11.6.1 | An access control policy should be developed and should state the access control rules and rights for all users and groups. Both logical and physical access controls should be used. |
| Accounts Modified | Bill 198 | |
| Group Management | Bill 198; ISO 27002 - 11.1.1, 11.2.2, 11.4.6, 11.6.1 | An access control policy should be developed and should state the access control rules and rights for all users and groups. Both logical and physical access controls should be used. |
| Account Management | Bill 198 | |
| Admin Access to Compliance Systems - Detail | Bill 198; ISO 27002 - 10.10.4 | All activities by System Administrators and System Operators should be logged. |
| Admin Access to Compliance Systems - Top 25 | Bill 198; ISO 27002 - 10.10.4 | All activities by System Administrators and System Operators should be logged. |
| Change in Audit Settings | Bill 198; ISO 15408-2 | The system should ensure that security policy enforcement functions succeed before functions are allowed to proceed. |
| Access to Compliance Data - Detail | Bill 198 | |
| Access to Compliance Data - Top 25 | Bill 198 | |
| Logon Failures - Detail | Bill 198; ISO 27002 - 11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
| Logon Failures - Top 25 | Bill 198; ISO 27002 - 11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
| Password Changes - Detail Password Changes - Top 25 | Bill 198 | |
| User Access Revoked | Bill 198; ISO 27002 - 11.2.1 | Users who have changed jobs or left the organization should have their access rights removed immediately. |
| User Access to Compliance Systems - Detail | Bill 198; ISO 27002 -11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
| User Access to Compliance Systems - Top 25 | Bill 198; ISO 27002 -11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
