Difference between revisions of "GC Enterprise Architecture/Standards/Security and Privacy Architecture"
Jump to navigation
Jump to search
Jana.jessome (talk | contribs) m (Jana.jessome moved page GC Security and Privacy Enterprise Architecture to GC Enterprise Security and Privacy Architecture) |
|||
| Line 47: | Line 47: | ||
==Design for Security and Privacy== | ==Design for Security and Privacy== | ||
| + | <br> | ||
* Implement security across all architectural layers | * Implement security across all architectural layers | ||
| + | |||
| + | For Protected A Data, it can reside outside of Canada, provided the country is listed in the approved list and follow the requirements below: <br> | ||
| + | - The Supplier must certify that the delivery and provisioning of Services under this contract must be from a country within the North Atlantic Treaty Organization (NATO) (https://www.nato.int/cps/en/natohq/nato_countries.htm), the European Union (EU) (https://europa.eu/european-union/about-eu/countries_en); or from a country with which Canada has an international bilateral industrial security instrument. <br> | ||
| + | - The Contract Security Program (CSP) has international bilateral industrial security instruments with the countries listed on the following PSPC website: http://www.tpsgc-pwgsc.gc.ca/esc-src/international-eng.html and as updated from time to time. | ||
| + | |||
| + | |||
* Categorize data properly to determine appropriate safeguards | * Categorize data properly to determine appropriate safeguards | ||
| + | |||
* Perform a privacy impact assessment (PIA) when personal information is involved | * Perform a privacy impact assessment (PIA) when personal information is involved | ||
| + | |||
* Balance user and business needs with proportionate security measures | * Balance user and business needs with proportionate security measures | ||
Revision as of 17:14, 17 December 2019
| Home | EA standards | EARB Endorsements | EA Artifacts | Working Groups | GC EARB | Other References |
 |
This page is a work in progress. We welcome your feedback. Please use the discussion page for suggestions and comments. When the page is approved and finalized, we will send it for translation. |
5. Security & Privacy Architecture
This is a definition for GC Security and Privacy Enterprise Architecture
Design for Security and Privacy
- Implement security across all architectural layers
For Protected A Data, it can reside outside of Canada, provided the country is listed in the approved list and follow the requirements below:
- The Supplier must certify that the delivery and provisioning of Services under this contract must be from a country within the North Atlantic Treaty Organization (NATO) (https://www.nato.int/cps/en/natohq/nato_countries.htm), the European Union (EU) (https://europa.eu/european-union/about-eu/countries_en); or from a country with which Canada has an international bilateral industrial security instrument.
- The Contract Security Program (CSP) has international bilateral industrial security instruments with the countries listed on the following PSPC website: http://www.tpsgc-pwgsc.gc.ca/esc-src/international-eng.html and as updated from time to time.
- Categorize data properly to determine appropriate safeguards
- Perform a privacy impact assessment (PIA) when personal information is involved
- Balance user and business needs with proportionate security measures
