IT Glossary: Key Terms for Canadian Business Owners

Canadian businesses encounter dozens of IT and cybersecurity acronyms — PIPEDA, EDR, MDR, MFA, MSP, RTO, RPO — without clear explanations of what they mean or why they matter. This glossary provides plain-language definitions with specific Canadian context, compliance implications, and practical guidance from Outsource IT Canada, a Toronto-based managed IT provider serving Canadian SMBs since 2008.

All 25 IT and cybersecurity terms — A to Z

• BDR (Backup and Disaster Recovery) — immutable backups using the 3-2-1-1 rule stored in Canadian data centres; foundational for ransomware recovery and PIPEDA compliance
• Dark Web Monitoring — continuous scanning for your organization's credentials on criminal forums and breach databases before attackers use them
• EDR (Endpoint Detection and Response) — behavioural monitoring of every device; catches ransomware and zero-day attacks; $8–15/device/month in Canada
• FINTRAC Compliance — anti-money laundering digital record-keeping obligations for real estate, legal, accounting, and financial services firms
• MDR (Managed Detection and Response) — 24/7 security analyst monitoring of EDR; $15–40/endpoint/month; adds human response to EDR software
• MFA (Multi-Factor Authentication) — prevents 99.9% of automated credential attacks; required by all Canadian cyber insurers on email and remote access
• Microsoft 365 — licensing tiers for Canadian SMBs; Business Premium at $26.40/user/month CAD includes EDR, Intune MDM, and Canadian data residency
• Microsoft Azure — IaaS/PaaS/SaaS cloud with Canada Central (Toronto) and Canada East (Quebec City) data centres satisfying PIPEDA requirements
• Microsoft Intune — MDM built into M365 Business Premium; manages Windows, Mac, iOS, and Android; enforces Zero Trust device compliance
• MSP (Managed Service Provider) — flat-rate IT management including monitoring, help desk, patching, security, and Microsoft 365; $150–250/user/month in Canada
• MSSP (Managed Security Service Provider) — security-focused 24/7 SOC with SIEM and MDR; security-only scope distinct from MSP broad IT management
• OSFI Guideline B-13 — Technology and Cyber Risk Management framework for Canadian federally regulated financial institutions; effective January 2024
• PHIPA — Ontario's Personal Health Information Protection Act; stricter than PIPEDA; 72-hour breach notification to IPC; mandatory agent agreements
• PIPA — Alberta and BC Personal Information Protection Acts; substantially similar to PIPEDA for provincially regulated businesses
• PIPEDA — Canada's federal private sector privacy law; 10 fair information principles; penalties up to $100K; mandatory breach reporting to OPC
• Ransomware — encryption and double-extortion malware; 40% higher targeting of Canadian businesses than US; 60% of hit SMBs close within 6 months
• RMM (Remote Monitoring and Management) — software MSPs use to monitor device health 24/7, apply patches automatically, and remotely troubleshoot endpoints
• RPO (Recovery Point Objective) — maximum acceptable data loss measured in time; drives backup frequency from daily to continuous journaled replication
• RTO (Recovery Time Objective) — maximum acceptable downtime after a disaster; drives recovery architecture from standard restore to hot standby
• SharePoint — Microsoft's cloud document management platform; replaces file servers and mapped drives; included in all Microsoft 365 business plans
• SIEM (Security Information and Event Management) — centralized log aggregation and correlation across all systems; required for SOC 2 certification and OSFI B-13 compliance
• SLA (Service Level Agreement) — contractual IT response and resolution time commitments by priority tier; P1 critical issues: 15–30 minute response 24/7
• vCISO (Virtual CISO) — fractional Chief Information Security Officer at $3–8K/month vs. $220–360K/year full-time; security strategy and compliance oversight for SMBs
• XDR (Extended Detection and Response) — correlates threats across email, endpoints, cloud, and identity; unified incident view reducing alert fatigue
• Zero Trust — "never trust, always verify" model replacing VPN perimeter security; verify every user, device, and connection on every access request

For plain-language IT advice tailored to your Canadian business, call Outsource IT Canada at (416) 623-9677 or request a free assessment.