Alberta’s regulatory landscape is evolving, and for oil & gas companies, the pressure to demonstrate robust cybersecurity and operational resilience has never been higher.
Directive AER 2024_084 (May 31, 2025) sets a new standard for cybersecurity and risk management, reinforcing the need for clear documentation, active oversight, and alignment with leading control frameworks.
But what does that actually mean for your organization, and how can you prepare?
This directive, released by the Alberta Energy Regulator (AER), outlines specific expectations around the governance, identification, and mitigation of cyber and operational risks that could impact critical infrastructure. It emphasizes:
In short, the directive moves beyond recommendations. It expects action, accountability, and evidence.
Failing to meet the standards in AER 2024_084 / CSA Z246.1:21 isn’t just a regulatory risk, it’s a reputational and operational risk, too.
🔍 Regulators expect visibility
🔗 Other stakeholders expect compliance
And all of that becomes hard to deliver when your risk posture lives in disconnected spreadsheets, scattered files, or siloed teams.
At BACKSTOP, we built our platform to handle complex compliance demands like AER 2024_084 & CSA Z246.1:21 — without adding more complexity to your day.
Here’s how we support regulated energy teams:
Whether you’re preparing for your first audit under the new directive or looking to mature your compliance program, we help lean teams stay ahead of regulatory demands.
Let’s make compliance proactive, not reactive. If your compliance program still lives in spreadsheets, it’s time for an upgrade.
Book a personalized walkthrough of how BACKSTOP can help your team meet and exceed AER requirements without the audit scramble.