802
edits
Changes
Secure Use of Collaboration Tools (view source)
Revision as of 12:45, 30 March 2020
, 12:45, 30 March 2020→Considerations
From an IT Security standpoint, connections to external tools and services carry the same risks as other connections to the
From an IT Security standpoint, connections to external tools and services carry the same risks as other connections to the
internet. However, departments should take into account that usage of these sites may require some form of identification of the individual and consequently, their association with an organization (e.g. a GC department or agency).
internet. However, departments should take into account that usage of these sites may require some form of identification of the individual and consequently, their association with an organization (e.g. a GC department or agency).
Departments should consider the following:
*Posting of information on external tools and web services will likely divulge the origin of the
information;
*All information posted on the internet, regardless of the amount of time it is available, is effectively
permanently recorded. There are no control provisions for any information once posted;
*The nature of external tools and web services like social networking sites makes them appealing
targets for malicious exploitation. These sites are inherently prone to malicious users providing links to
malware content that can propagate to a department’s infrastructure;
*Content on external tools such as Trello, Slack etc. may be stored on servers located outside Canada
thus the content along with associated user metadata can be monitored by non-Canadian and /or
third party products, services or businesses;
*Everything that is shared using external tools and web services could be subject to Access to
Information and Privacy (ATIP). Public servants must ensure that information related to the mandate
of the organisation and/or contains decisions on government activities is properly captured and
managed, following information management best practices; and
*Public servants are encouraged to verify data retention requirements when using external tools, in
accordance with the TBS Policy on Information Management. Some externally provided tools will
retain your information even after you have deactivated your account
==Heading 3==
==Heading 3==