Line 25: |
Line 25: |
| From an IT Security standpoint, connections to external tools and services carry the same risks as other connections to the | | From an IT Security standpoint, connections to external tools and services carry the same risks as other connections to the |
| internet. However, departments should take into account that usage of these sites may require some form of identification of the individual and consequently, their association with an organization (e.g. a GC department or agency). | | internet. However, departments should take into account that usage of these sites may require some form of identification of the individual and consequently, their association with an organization (e.g. a GC department or agency). |
| + | |
| + | Departments should consider the following: |
| + | |
| + | *Posting of information on external tools and web services will likely divulge the origin of the |
| + | information; |
| + | *All information posted on the internet, regardless of the amount of time it is available, is effectively |
| + | permanently recorded. There are no control provisions for any information once posted; |
| + | *The nature of external tools and web services like social networking sites makes them appealing |
| + | targets for malicious exploitation. These sites are inherently prone to malicious users providing links to |
| + | malware content that can propagate to a department’s infrastructure; |
| + | *Content on external tools such as Trello, Slack etc. may be stored on servers located outside Canada |
| + | thus the content along with associated user metadata can be monitored by non-Canadian and /or |
| + | third party products, services or businesses; |
| + | *Everything that is shared using external tools and web services could be subject to Access to |
| + | Information and Privacy (ATIP). Public servants must ensure that information related to the mandate |
| + | of the organisation and/or contains decisions on government activities is properly captured and |
| + | managed, following information management best practices; and |
| + | *Public servants are encouraged to verify data retention requirements when using external tools, in |
| + | accordance with the TBS Policy on Information Management. Some externally provided tools will |
| + | retain your information even after you have deactivated your account |
| | | |
| ==Heading 3== | | ==Heading 3== |
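Review bot: In the added bullet on Access to Information and Privacy, "information related to the mandate of the organisation and/or contains decisions on government activities" mixes two constructions. Suggest "information that relates to the mandate of the organisation and/or contains decisions on government activities". The same bullet spells "organisation" where the unchanged paragraph above uses "organization", so pick one. In the bullet on servers located outside Canada, "and /or" has a stray space, and "monitored by non-Canadian and /or third party products, services or businesses" leaves it unclear who does the monitoring; the sentence would be clearer if it named the party. The final bullet ends without a period although the preceding one ends in "; and". Each added item starts with "*" and no following space, which is worth checking in the rendered list.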