By Michael Turcsanyi, CEO, TruPoint

Sponsored Content

Introduction

It seems like every day we hear how about another business or entire industry is being hit hard by Cyber Security incidents. According to the most recent National Cyber Threat Assessment (2023 – 2024) from the Canadian Centre for Cyber Security, Cybercrime is still the number one threat activity affecting Canadians. For Canadian businesses, Ransomware is among the top threat and thus data security is a paramount concern for bankruptcy trustees in Canada, especially given the stringent record-keeping requirements mandated by the Office of the Superintendent of Bankruptcy (OSB).

Compliance with these requirements not only safeguards sensitive information but also ensures the smooth operation of bankruptcy proceedings. This article explores effective strategies for meeting these data security standards, focusing on cloud workspaces, robust file storage systems, and managed compliance solutions.

Background on Directive No. 32R

Directive No. 32R issued by the Office of the Superintendent of Bankruptcy (OSB) sets out the requirements for electronic recordkeeping by licensed insolvency trustees. This directive ensures that bankruptcy records are maintained securely, accurately, and are readily accessible for review and audit purposes. Here are some key aspects of the directive explained in simpler terms:

1. Record Integrity and Security

Trustees must ensure that electronic records are tamper-proof and protected against unauthorized access. This includes using secure systems that can detect and prevent alterations to the records.

Example: Implementing encryption and access controls to prevent unauthorized users from viewing or changing bankruptcy case files.

2. Accessibility and Availability

Records must be accessible to authorized individuals at all times. This means maintaining a system that allows easy retrieval of documents and data whenever needed.

Example: Using a cloud-based storage solution that provides 24/7 access to case files for trustees and authorized personnel.

3. Data Backup and Recovery

Trustees are required to have a robust backup and recovery plan to protect records from data loss due to system failures or other unforeseen events.

Example: Regularly scheduled backups of all electronic records and a tested recovery plan to restore data in case of an emergency.

4. Audit Trail and Documentation

Maintaining an audit trail that records all actions taken on electronic records is crucial. This ensures accountability and provides a clear history of all changes made to the records.

Example: An automated system that logs every access, modification, or deletion of case files, including the user who performed the action and the date and time it occurred.

5. Compliance with Legal and Regulatory Standards

Trustees must ensure that their electronic recordkeeping practices comply with all relevant legal and regulatory requirements, including those specified by the OSB.

Example: Implementing policies and procedures that align with PIPEDA (Personal Information Protection and Electronic Documents Act) to ensure the protection of personal information.

What Solutions are Available?

As with the rise of Cybercrime, so are the costs associated with delivering a secure and compliant IT solution. Many Canadian small and medium businesses are not able to effectively build and secure their own IT systems anymore. Making the move away from back-office servers, or legacy Managed Services Providers (MSPs) is an important step in the right direction. Here are the top three areas that should be part of the IT solution going forward:

1. Effective Cloud Workspace

Secure Desktop Access

An effective cloud workspace is crucial for bankruptcy trustees who need secure, high-performance access to their Client Management platforms, such as Ascend by Promeric. A cloud workspace powered by Citrix provides a reliable and secure environment, allowing trustees to access their applications and data from anywhere with an internet connection. Citrix technology ensures that data remains protected through robust security measures, including encryption and multi-factor authentication.

Benefits:

• High-performance access to applications and data
• Enhanced security with encryption and MFA
• Flexibility to work securely from any location

2. Robust Business-Grade File Storage System

Compliance with OSB Requirements

Bankruptcy trustees handle a vast amount of data, including case files and financial records. A robust business-grade file storage system is essential to manage these files efficiently while ensuring compliance with OSB's Directive No. 32R on electronic recordkeeping. Such a system should offer secure file storage, easy retrieval, and regular backups to prevent data loss.

Key Features:

• Secure storage with encryption
• Automated backups and data recovery
• Ability to share files and link to public websites

TruSync Solution

TruSync is an excellent solution for trustees. It not only meets the compliance requirements but also streamlines user workflows with plugins for office applications and web portals. TruSync ensures that all case files are securely stored, easily accessible, and backed up regularly, thereby minimizing the risk of data breaches or loss.

3. Managed Compliance Solutions

Tracking and Maintaining Compliance

Keeping up with compliance requirements can be challenging for small businesses. A Managed Service Provider (MSP) that offers comprehensive compliance tracking can significantly alleviate this burden. MSPs can monitor adherence to Directive No. 32R, maintain necessary policies and procedures, and provide an evidence trail for audits.

Compliance Management Software

By leveraging compliance management software, trustees can simplify the process of managing and proving compliance. This software can track various standards, such as PIPEDA and CASL, alongside cyber insurance requirements. Features like checklists, system logs, training logs, policy sign-offs, and a risk register can dramatically reduce the overhead required to maintain ongoing compliance.

Benefits:

• Simplified compliance tracking
• Automated policy management
• Comprehensive evidence trail for audits

Key Takeaways:

1. Adopt a Secure Cloud Workspace: Utilize a cloud workspace powered by Citrix for secure, high-performance access to client management systems.
2. Implement Robust File Storage Solutions: Use business-grade file storage systems like TruSync to manage and secure large volumes of case files.
3. Leverage MSP Services for Compliance: Partner with an MSP that offers managed compliance solutions to track and maintain adherence to OSB requirements.

About TruPoint

TruPoint offers a comprehensive suite of services designed to meet the unique needs of bankruptcy trustees. Our TruWorkspace solution, powered by Citrix, ensures secure access to critical applications from any location. With TruSync, we provide robust file storage that complies with OSB standards. Additionally, our managed compliance software simplifies the process of maintaining and proving compliance, allowing trustees to focus on their core responsibilities. By integrating these solutions, bankruptcy trustees can enhance their data security posture, ensure compliance, and streamline their workflows, ultimately leading to more efficient and secure operations.