GC Enterprise Architecture/Standards/Security and Privacy Architecture

Home EA standards EARB Endorsements EA Artifacts Working Groups GC EARB Other References



<<Application Architecture

Enterprise Architecture Standard main page>>


5. Security & Privacy Architecture


This is a definition for GC Security and Privacy Enterprise Architecture

Design for Security and Privacy


  • Implement security across all architectural layers
 For Protected A Data, it can reside outside of Canada, provided the country is listed in the approved list and follow the requirements below: 
- The Supplier must certify that the delivery and provisioning of Services under this contract must be from a country within the North Atlantic Treaty Organization (NATO) (https://www.nato.int/cps/en/natohq/nato_countries.htm), the European Union (EU) (https://europa.eu/european-union/about-eu/countries_en); or from a country with which Canada has an international bilateral industrial security instrument.
- The Contract Security Program (CSP) has international bilateral industrial security instruments with the countries listed on the following PSPC website: http://www.tpsgc-pwgsc.gc.ca/esc-src/international-eng.html and as updated from time to time.


  • Categorize data properly to determine appropriate safeguards
  • Perform a privacy impact assessment (PIA) when personal information is involved
  • Balance user and business needs with proportionate security measures