Schedule R - Security Provisions

 

What is the purpose of this Schedule?

Who develops the supporting documents required to update the schedule?

When should the schedule's supporting documents be created?

When is this particular schedule used?

What is required for this schedule?

Tips

Information Covered in Schedule R Attachment and Exhibits

 

What is the purpose of this Schedule?	The purpose Schedule R is to provide a centralized location for all security obligations under the TSMA.  In accordance with the TSMA, TELUS will comply with the security requirements set out in this schedule, including its attachments, in the GPS Group Security Policies (subject to section 5 of this Schedule), and in Section 19 of the main body of this Agreement, and any additional security requirements related to to the Services or the Network which may be agreed to between TELUS and the GPS Group.
Who develops the supporting documents  required to update the Schedule?	Changes within the schedule will be developed by the vendor, TELUS, and then reviewed/negotiated with the Province.
When should the Schedule's supporting documents be created?	As a schedule applies to all services under the TSMA,  when adding a new service, either a new attachment or a new exhibit (or both) may be required to be added to the schedule.  The appropriate document(s), attachment and/or exhibit, are always created by TELUS after the Province has documented their requirements and the requirements have been reviewed and agreed to by the Vendor (TELUS) via a Term Sheet negotiated by the Province's Legal Representative.
When is this particular schedule used?	This schedule is used when onboarding any new services that require additional security  that would require new Schedule R attachments or exhibits.
What is required for this Schedule?	It is important that you review all the requirements for this new service, then review the TSMA to view what is already provided and then document any gaps.
Tips:	For example, refer to TSMA Attachment R1.

  Information Covered in Schedule R Attachments & Exhibits

1. Security of Information
2. Adherence to GPS Group Security Standards
3. GPS Group Security Policies Exceptions
4. Service Specific Security Requirements
5. TELUS Group Compliance
6. Security Communication and Compliance Monitoring
7. Security clearances
8. Network & GPS Infrastructure Access
9. GPS Group Information Access
10. Physical Access
11. Monitoring
12. Security Records and Reporting
13. Court Orders or other Lawful Requirements
14. Security Investigations
15. Incident Response
16. Security Threat and Risk Assessment
17. Compliance
18. Network and Administrative Security
19. Facility Security
20. Integrity of Information
21. Equipment Security
22. Destruction of Information
23. Reporting
24. Security Screening Requirements
25. Personal Security
26. GPS Infrastructure Acceptable Use
27. Adherence to GPS Group Security Safeguards
28. Material Breach
29. Security Representatives
30. Call Detail Reports
31. Logging
32. Monitoring
33. Auditing
34. Remote Access
35. Controls
36. Security
37. Vulnerability Management
38. Vulnerability Scanning
39. Change Control
40. Asset Management
41. Workstation Security
42. Passcodes

 Next Page: Schedule S - Installation Standards