Difference between revisions of "GC Enterprise Architecture/Standards/Security and Privacy Architecture"
Jump to navigation
Jump to search
| Line 48: | Line 48: | ||
==Design for Security and Privacy== | ==Design for Security and Privacy== | ||
<br> | <br> | ||
| − | * Implement security across all architectural layers | + | <b>* Implement security across all architectural layers </b> |
For Protected A Data, it can reside outside of Canada, provided the country is listed in the approved list and follow the requirements below: <br> | For Protected A Data, it can reside outside of Canada, provided the country is listed in the approved list and follow the requirements below: <br> | ||
| Line 54: | Line 54: | ||
- The Contract Security Program (CSP) has international bilateral industrial security instruments with the countries listed on the following PSPC website: http://www.tpsgc-pwgsc.gc.ca/esc-src/international-eng.html and as updated from time to time. | - The Contract Security Program (CSP) has international bilateral industrial security instruments with the countries listed on the following PSPC website: http://www.tpsgc-pwgsc.gc.ca/esc-src/international-eng.html and as updated from time to time. | ||
| + | <b>* Categorize data properly to determine appropriate safeguards</b> | ||
| − | + | For various possible cloud connection type and the associated security profile for each connection type, please refer to the presentation from Cyber Security, can be found from the GC Collab link below: | |
| + | https://gccollab.ca/file/group/1896382/all# | ||
| − | + | <br> | |
| − | * Balance user and business needs with proportionate security measures | + | <b>* Perform a privacy impact assessment (PIA) when personal information is involved</b> |
| + | |||
| + | <b>* Balance user and business needs with proportionate security measures</b> | ||
Revision as of 11:44, 19 December 2019
| Home | EA standards | EARB Endorsements | EA Artifacts | Working Groups | GC EARB | Other References |
 |
This page is a work in progress. We welcome your feedback. Please use the discussion page for suggestions and comments. When the page is approved and finalized, we will send it for translation. |
5. Security & Privacy Architecture
This is a definition for GC Security and Privacy Enterprise Architecture
Design for Security and Privacy
* Implement security across all architectural layers
For Protected A Data, it can reside outside of Canada, provided the country is listed in the approved list and follow the requirements below:
- The Supplier must certify that the delivery and provisioning of Services under this contract must be from a country within the North Atlantic Treaty Organization (NATO) (https://www.nato.int/cps/en/natohq/nato_countries.htm), the European Union (EU) (https://europa.eu/european-union/about-eu/countries_en); or from a country with which Canada has an international bilateral industrial security instrument.
- The Contract Security Program (CSP) has international bilateral industrial security instruments with the countries listed on the following PSPC website: http://www.tpsgc-pwgsc.gc.ca/esc-src/international-eng.html and as updated from time to time.
* Categorize data properly to determine appropriate safeguards
For various possible cloud connection type and the associated security profile for each connection type, please refer to the presentation from Cyber Security, can be found from the GC Collab link below: https://gccollab.ca/file/group/1896382/all#
* Perform a privacy impact assessment (PIA) when personal information is involved
* Balance user and business needs with proportionate security measures
