MaLoi25
At a glance
- No Condition
- Open Date : March 08, 2024
- All industries
- Gouvernement du Québec
Overview
Eligibility criteria
- Quebec-based organization: The program is open to organizations located in Quebec.
- Public or private sector: All organizations, whether public or private, are eligible.
- Size of organization: The organization must have fewer than 500 employees to be eligible.
- Objective: The organization must seek to strengthen its cybersecurity and comply with the provisions of Bill 25.
Who is eligible
- Small and medium-sized enterprises (SMEs): All Quebec-based SMEs with fewer than 500 employees.
- Private organizations: Includes private companies operating in various industrial and commercial sectors in Quebec.
- Public institutions: Includes government agencies and other public entities in Quebec, provided they employ fewer than 500 people.
- Non-profit organizations: NPOs that meet the size and location criteria are also eligible.
- Start-ups: Quebec-based start-ups with fewer than 500 employees are also eligible.
Who is not eligible
- Large companies: Companies with 500 or more employees are not eligible.
- Organizations outside Quebec: Organizations that are not based in the province of Quebec.
- Federal government organizations: Agencies and institutions that report to the Canadian federal government.
- International organizations: Companies or institutions based outside Canada.
- Individuals: The program is not open to individual applications; it targets organizations only.
Eligible expenses
There are eligible expenses for this grant, including:
- Training materials and resources
- Consultation fees with cybersecurity experts
- Implementation of cybersecurity measures
Eligible projects & activities
- Self-diagnosis questionnaire:
- Completion of an online questionnaire to assess the organization's current situation in relation to the requirements of Law 25.
- Receipt of a detailed report based on responses, which serves as the basis for subsequent steps.
- 2-hour group training:
- Group training to identify best practices in cybersecurity and compliance with Law 25.
- Knowledge sharing on privacy and data security practices.
- 12-hour personalized coaching:
- 2-hour individual meeting to discuss the results of the self-diagnosis and plan compliance actions.
- 8 hours of virtual coaching to guide the organization in implementing the identified best practices.
- 2 hours dedicated to the preparation of the customer file by the expert, to ensure personalized and effective follow-up.
- Development of a detailed action plan:
- Implementation of a compliance plan in line with new privacy legislation.
- Follow-up and adjustment of the plan according to the needs and specific context of the organization.
Eligible geographic areas
- Entire province of Quebec: The program is available to all organizations located in Quebec, with no specific regional restrictions.
Evaluation & selection criteria
- Location: The organization must be based in Quebec.
- Organization size: The organization must have fewer than 500 employees.
- Sector: Applicable to all organizations, both public and private.
- Cybersecurity needs: The organization must have identified cybersecurity and Bill 25 compliance needs.
- Ability to participate: The organization must be able to actively participate in all stages of the program (self-diagnosis, training, coaching).
- Commitment: The organization must commit to following the guidelines and implementing the recommended practices for the protection of personal data.
How to apply
- Visit the program website: Go to https://maloi25.ca for all the information you need on the program.
- Check eligibility criteria: Make sure your organization meets the eligibility criteria, including location in Quebec, number of employees under 500, and cybersecurity needs.
- Online registration: Complete the registration form available on the program website.
- Complete the self-diagnostic questionnaire: Once registered, complete the online questionnaire to assess your organization's current compliance with Bill 25.
- Receive the self-diagnostic report: After completing the questionnaire, you will receive a detailed report that will serve as the basis for the next steps in the program.
- Participate in group training: Attend the 2-hour training session designed to reinforce your knowledge and skills in cybersecurity and legislative compliance.
- Personalized coaching planning: Organize coaching sessions with the assigned expert to implement the recommendations of the self-diagnostic report.
- Follow-up and evaluation: Participate in coaching meetings, apply the advice and strategies proposed, and provide feedback via a satisfaction questionnaire at the end of the program.
The MaLoi25 program, a joint initiative between In-Sec-M and the Government of Quebec, represents a significant effort to support Quebec organizations, both public and private, in their efforts to strengthen cybersecurity and comply with new legal requirements. Specifically designed for entities with fewer than 500 employees, this program aims to provide the tools and knowledge necessary to navigate the complex landscape of personal data protection, in direct response to the enactment of Law 25.
Law 25, a legislative framework adopted to enhance the protection of personal information within organizations operating in Quebec, imposes new and stringent cybersecurity obligations. Faced with these requirements, many small and medium-sized enterprises (SMEs) often find themselves unprepared, lacking both the internal resources and expertise needed for effective compliance. It is in this context that the MaLoi25 program was developed, offering a structured response to a pressing need for support.
Structure and Progression of the Program
The pathway proposed by MaLoi25 is structured around three key stages, each designed to address different aspects of compliance and capacity building in cybersecurity:
- Self-Diagnostic Questionnaire: This initial step engages participants in assessing their current situation in relation to the requirements of Law 25. Accessible online, this questionnaire allows organizations to review their data management practices. The results obtained serve as the basis for the following stages, identifying areas that require particular attention.
- Group Training: Lasting two hours, this training session aims to educate and raise awareness among participants about good practices in cybersecurity and data protection. The sessions cover various topics, from recognizing confidentiality incidents to secure management of passwords and data. The goal is to provide a solid understanding of the actions required for compliance with the law.
- Personalized Support: At the heart of the program, this 12-hour support phase allows for the implementation of a customized compliance plan. Spread between individual meetings and virtual coaching, this stage ensures that each organization can practically apply the advice and strategies developed with the assigned expert.
Impact and Benefits
One of the main benefits of MaLoi25 is its personalized approach, which considers the specifics of each organization. The continuous support offered throughout the program enables participants not only to understand the legal requirements but also to integrate them effectively and sustainably into their daily operations.
Additionally, the program plays a crucial role in raising cybersecurity awareness. By training employees and leaders on best practices and potential risks, MaLoi25 helps create a strengthened security culture within Quebec organizations. This is increasingly important as cyberattacks become more sophisticated and frequent, posing a major risk to the security of personal data and the stability of businesses.
Ongoing Support and Resources
Beyond direct support, the program also offers additional resources, such as links to cybersecurity tools and guides on best practices. These resources are intended to help organizations maintain and improve their security posture after the program ends.
The program includes a feedback mechanism, where participants are invited to share their experiences through a satisfaction questionnaire. This evaluation process allows In-Sec-M and the Government of Quebec to adjust and optimize the program based on user feedback, ensuring that MaLoi25 remains relevant and effective against the evolving threats of cybersecurity and legislative frameworks.
Conclusion
In conclusion, MaLoi25 stands as a pillar of support for Quebec SMEs, enabling them to confidently address the challenges posed by Law 25 and the constantly evolving cybersecurity landscape. Through its structured approach and personalized support, the program does not merely promote legal compliance; it also encourages a secure and effective digital transformation, essential to the sustainability and success of businesses in today's digital economy.
