GC Enterprise Architecture/Standards/Security and Privacy Architecture
< GC Enterprise Architecture | Standards
Revision as of 16:14, 17 December 2019 by Gita.nurlaila (talk | contribs)
Home | EA standards | EARB Endorsements | EA Artifacts | Working Groups | GC EARB | Other References |
This page is a work in progress. We welcome your feedback. Please use the discussion page for suggestions and comments. When the page is approved and finalized, we will send it for translation. |
5. Security & Privacy Architecture
This is a definition for GC Security and Privacy Enterprise Architecture
Design for Security and Privacy
- Implement security across all architectural layers
For Protected A Data, it can reside outside of Canada, provided the country is listed in the approved list and follow the requirements below:
- The Supplier must certify that the delivery and provisioning of Services under this contract must be from a country within the North Atlantic Treaty Organization (NATO) (https://www.nato.int/cps/en/natohq/nato_countries.htm), the European Union (EU) (https://europa.eu/european-union/about-eu/countries_en); or from a country with which Canada has an international bilateral industrial security instrument.
- The Contract Security Program (CSP) has international bilateral industrial security instruments with the countries listed on the following PSPC website: http://www.tpsgc-pwgsc.gc.ca/esc-src/international-eng.html and as updated from time to time.
- Categorize data properly to determine appropriate safeguards
- Perform a privacy impact assessment (PIA) when personal information is involved
- Balance user and business needs with proportionate security measures