Governance of Cybersecurity Risk Management at the BC Institute of Technology

Date: March 3, 2026

Our new audit report to the Legislative Assembly looks at the governance of cybersecurity risk management at BCIT. Cyber attacks are more frequent and more severe, making it challenging for post-secondary institutions like BCIT to protect sensitive information such as student records and research data.

We found that BCIT had a comprehensive governance framework to manage cybersecurity risks. The key elements include relevant policies, well-defined roles and responsibilities at all levels of the organization, and metrics to monitor performance.

BCIT’s governance framework supports its ability to manage cybersecurity risks consistently and in line with its strategic priorities on behalf of faculty, staff and about 45,000 students.