Policy

Policy Instruments

The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.

Strategic Plan

Policy and Directive

Standards and Guidelines

Digital Standards
Standards on Application Programming Interfaces (APIs)
Government of Canada right cloud selection guidance
Government of Canada cloud security risk management approach and procedures
Government of Canada Security Control Profile for Cloud-based GC Services
Government of Canada White Paper: Data Sovereignty and Public Cloud
Security and identity management guidance - Directives, standards, guidelines and publications related to security
Secure use of cloud services - How to put in place secure cloud solutions.
Recommended controls for cloud-based services - How to secure, manage, and use cloud services.
Using electronic signatures - Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
Secure electronic signature regulations - Getting a valid electronic signature.
Public key infrastructure - Guideline on creating public keys for secure identity management
Password management guidance - How government services should manage user passwords
Privacy Impact Assessment Summaries - Privacy Impact Assessments (PIAs)
Choosing the right cloud service - Find out which cloud deployment model is right for your organization.
Data residency requirements - Understand the Government of Canada’s requirements for the storage of data within Canada.
Secure use of cloud services - How to put in place secure cloud solutions.

Risk-management for cloud-based services
Protect cloud services by ensuring that the proper security controls are in place.
Data sovereignty in cloud environments - Assessing the risks of foreign governments accessing Canadian data in the cloud.