Skip to main content
Free Resource

BC Business IT Security Checklist (2026)

Ten items every BC business should be able to confirm. Based on requirements from PIPA, PIPEDA, and the Canadian Centre for Cyber Security. Free, no signup required.

  1. Multi-factor authentication (MFA) enabled

    MFA is active on all email, cloud platform, and business application accounts. This is the single most effective control for preventing unauthorized account access.

  2. Endpoint protection active

    All workstations and laptops have endpoint protection software installed, running, and reporting current definitions.

  3. Software and OS patches applied within 30 days

    Critical operating system and software patches are applied within 30 days of release. A documented patch management process determines testing and deployment timing.

  4. Verified data backup with tested restore

    A data backup is running on a defined schedule and a restore has been tested in the last 90 days. Backups that have not been verified may not restore successfully when needed.

  5. Role-based access controls in place

    Employees access only the systems and data their role requires. Access is reviewed when roles change or employees leave.

  6. Email security filtering active

    Email security filtering blocks known phishing patterns, malware attachments, and spoofed sender addresses before messages reach your team's inboxes.

  7. Documented offboarding process

    A documented process ensures that departing employee accounts are disabled promptly across all platforms, including email, cloud applications, and VPN.

  8. Incident response plan documented

    A written plan covers how a potential security incident is identified, who is notified, how it is contained, and whether breach notification obligations apply under PIPA or PIPEDA.

  9. Personal information inventory maintained

    You can identify what personal information your business holds, where it is stored, and who has access. This is a PIPA obligation for BC businesses and supports breach notification decisions.

  10. Security awareness training completed by all staff

    All employees have completed security awareness training in the last 12 months covering phishing recognition, password practices, and incident reporting.

Frequently Asked Questions

Is the IT security checklist free?
Yes. The checklist is available in full on this page at no cost. You can also enter your email to receive a formatted copy.
Does this checklist apply to BC businesses under PIPA?
Yes. The checklist is designed specifically for BC businesses with PIPA obligations. Items covering personal information inventory and incident response plans directly address PIPA requirements.
What if my business does not meet all of these items?
Most businesses have at least one or two gaps when they first review a checklist like this. A complimentary technology assessment can identify your specific gaps and provide a prioritized plan for addressing them.

Get the checklist by email

We will send a formatted copy to your inbox. No obligation.

Not sure how your business measures up against this checklist? A complimentary technology assessment covers your full environment and delivers a written report with prioritized recommendations.

Book a free assessment