Security Schedule - Cloud Security
Like organizations throughout the world, the Province is increasingly turning to the use of cloud technologies to provide modern and efficient services for its citizens. This has led to the need for contract agreements with vendors who either provide cloud technology services themselves, or vendors who sub-contract with other vendors for cloud technology services.
The new Cloud Security Schedule makes it easier for ministries to identify the types of services required, and the level of care that is expected, when cloud services are used to manage Province information. This schedule replaces a previous version that was published in August 2017.
The Cloud Security Schedule must be used without modification unless Ministry legal counsel drafts or advises on the modification. In addition, the Ministry Information Security Officer or, if the Services are for shared services, the OCIO Information Security Branch, must approve any modification proposing alternate security requirements or additional obligations.
Further instructions are provided (in square brackets and red text) within the Cloud Security Schedule. These instructions must be deleted when including the schedule in a contract agreement.
Information and templates for creating a General Service Agreement (GSA) can be found at the GSA website.
Employees with questions about information system security requirements, or the Cloud Security Schedule specifically, should contact their Ministry Information Security Officer (MISO) for assistance.