A solid governance structure for IS
iA Financial Group has put a solid governance structure in place to ensure the security of information throughout the organization. The key components are described below.
- Chief Information Security Officer (CISO): The CISO oversees all activities related to information security management for iA Financial Group. By managing the development, maintenance and evolution of the information security master plan, the CISO ensures strategic governance and appropriate oversight of the function.
- Information Security Steering Committee (ISSC): To support global information security governance, an Information Security Steering Committee is responsible for implementing all of our information security, sensitive information protection, work environment, identity and access management and IT risk management initiatives.
- Information Security Policy Framework: iA Financial Group’s Information Security Policy Framework consists of a policy that covers the themes of IS risk management and governance, information and employee protection, security event monitoring and analysis, acceptable use of technology, compliance and information security resilience. This policy framework is based on industry best practices. Our practices in this area are based on security frameworks and controls, such as the National Institute of Standards and Technology – Cybersecurity Framework (NIST CSF), the Center for Internet Security (CIS) and the ISO standard.
The members of the ISSC have the following responsibilities:
- Communicate with business lines to create a culture of information security and raise awareness of security standards and upcoming initiatives.
- Regularly review and approve aspects of the information security (IS) policy framework, services and roadmap stemming from the IS Program to ensure that they adequately address the significant risks which iA Financial Group may face.
- Monitor the evolution of the security culture within the company.
- Communicate with other committees and seek their input on the information security strategy.
- Review security posture indicators and set priorities for improvement.
- Ensure sufficient resources to implement the guiding principles, directions, standards and guidelines.
- Endorse the investments required for the various initiatives to strengthen IS posture, maturity, cohesion and related processes and ensure that they are aligned with iA Financial Group’s strategy.
Protecting the privacy of our clients, employees and advisors
iA Financial Group has a comprehensive cybersecurity program, which is applied to all of the company’s business lines, subsidiaries and distribution networks.
Ensuring the security of a large company like iA is a collective responsibility. We have put in place rigorous security practices regarding training and awareness. These practices apply to iA Financial Group, its employees, service providers and subcontractors, consultants and any other person whose work falls under the company’s responsibility. Everyone must do their part. The better informed all employees are, the better prepared they are to protect our clients, other employees and the entire organization, and to report any risky situations.
The cybersecurity program includes the deployment of advanced privacy systems and broad awareness and training activities. It is composed of several facets, including information security management, asset protection, and identity and access management. More information on what we do to protect the security of personal information can be found in the Privacy and Security section.
We have also set up an internal website for employees where we have gathered all our knowledge on the subject to better guide them in adopting responsible and secure behaviours. In addition, our team of information security awareness experts has developed numerous activities such as quizzes, gamification, newsletters, training, conferences, contests and phishing tests to assess our employees’ knowledge and improve their reflexes and awareness.