Changes

no edit summary
Line 47: Line 47:     
==Design for Security and Privacy==
 
==Design for Security and Privacy==
 +
<br>
 
* Implement security across all architectural layers
 
* Implement security across all architectural layers
 +
 +
  For Protected A Data, it can reside outside of Canada, provided the country is listed in the approved list and follow the requirements below: <br>
 +
    - The Supplier must certify that the delivery and provisioning of Services under this contract must be from a country within the North Atlantic Treaty Organization (NATO) (https://www.nato.int/cps/en/natohq/nato_countries.htm), the European Union (EU) (https://europa.eu/european-union/about-eu/countries_en); or from a country with which Canada has an international bilateral industrial security instrument. <br>
 +
    - The Contract Security Program (CSP) has international bilateral industrial security instruments with the countries listed on the following PSPC website: http://www.tpsgc-pwgsc.gc.ca/esc-src/international-eng.html and as updated from time to time.
 +
 +
 
* Categorize data properly to determine appropriate safeguards
 
* Categorize data properly to determine appropriate safeguards
 +
 
* Perform a privacy impact assessment (PIA) when personal information is involved
 
* Perform a privacy impact assessment (PIA) when personal information is involved
 +
 
* Balance user and business needs with proportionate security measures
 
* Balance user and business needs with proportionate security measures
514

edits