MaLoi25

Who is eligible?

Organizations in Quebec, both public and private, with fewer than 500 employees are eligible to apply for support under the MaLoi25 program. This includes Small and Medium Enterprises (SMEs) and Small and Medium Organizations (SMOs) looking to enhance their cybersecurity measures and comply with the new legal requirements.

Who is not eligible

• Large companies: Companies with 500 or more employees are not eligible.
• Organizations outside Quebec: Organizations that are not based in the province of Quebec.
• Federal government organizations: Agencies and institutions that report to the Canadian federal government.
• International organizations: Companies or institutions based outside Canada.
• Individuals: The program is not open to individual applications; it targets organizations only.

Eligible expenses

• Costs related to a 2-hour group training to reinforce cybersecurity and compliance with Law 25.
• Personalized support fees of 12 hours for the development and implementation of a compliance plan.

Eligible geographic areas

The MaLoi25 grant program is specifically designed for organizations located within the province of Quebec, Canada. It aims to assist small and medium-sized enterprises in complying with local cybersecurity regulations.

• Organizations must be located in Quebec.

• Location: The organization must be based in Quebec.
• Organization size: The organization must have fewer than 500 employees.
• Sector: Applicable to all organizations, both public and private.
• Cybersecurity needs: The organization must have identified cybersecurity and Bill 25 compliance needs.
• Ability to participate: The organization must be able to actively participate in all stages of the program (self-diagnosis, training, coaching).
• Commitment: The organization must commit to following the guidelines and implementing the recommended practices for the protection of personal data.

Here are the steps to submit an application for the MaLoi25 program:

• Step 1: Registration and Initial Contact
• Visit the website https://maloi25.ca and complete the registration process.
• Once registered, expect to be contacted via email by an assigned expert to plan the execution of the program stages.
• Step 2: Complete the Self-Diagnostic Questionnaire
• Access the online self-diagnostic questionnaire to assess compliance with Loi 25.
• Submit the completed questionnaire to receive a detailed report, which forms the basis for the following steps.
• Ensure to keep a copy of the report for sharing with your assigned expert.
• Step 3: Participate in Group Training
• Attend the 2-hour group training session on best practices in cybersecurity and compliance with Loi 25.
• Take notes and align the training insights with your organization’s realities based on the self-diagnostic results.
• Complete the online satisfaction questionnaire provided after the training session.
• Step 4: Engage in Personalized Assistance
• Participate in the personalized 12-hour assistance process, including a 2-hour individual meeting and 8 hours of virtual coaching.
• Work with the assigned expert to develop and implement a compliance action plan based on the self-diagnostic report.
• Complete any necessary compliance tasks between sessions to meet Loi 25 requirements.
• Provide feedback through the satisfaction questionnaire once the assistance phase is completed.

Here are additional relevant details for this grant:

• Post-program support is available through a form to request cybersecurity assistance for deploying solutions or increasing cybersecurity maturity levels.
• An online satisfaction questionnaire is provided after both the group training and the personalized coaching to gather feedback for program optimization.
• Participants are strongly advised to keep a copy of the self-diagnostic report as it is crucial for personalizing the compliance journey, and In-Sec-M cannot retrieve it if lost.
• The program is operationalized by In-Sec-M and supported by service providers who focus on personal information protection expertise.
• If services are initiated and not completed by March 31, 2025, fees are non-refundable; however, full refunds are provided if no service has been started before this deadline.