Schedule R - Security Provisions

 

What is the purpose of this Schedule?

Who develops the supporting documents required to update the schedule?

When should the schedule's supporting documents be created?

When is this particular schedule used?

What is required for this schedule?

Tips

Information Covered in Schedule R Attachment and Exhibits

 

What is the purpose of this Schedule? The purpose Schedule R is to provide a centralized location for all security obligations under the TSMA.  In accordance with the TSMA, TELUS will comply with the security requirements set out in this schedule, including its attachments, in the GPS Group Security Policies (subject to section 5 of this Schedule), and in Section 19 of the main body of this Agreement, and any additional security requirements related to to the Services or the Network which may be agreed to between TELUS and the GPS Group.
 
Who develops the supporting documents  required to update the Schedule? Changes within the schedule will be developed by the vendor, TELUS, and then reviewed/negotiated with the Province.
When should the Schedule's supporting documents be created? As a schedule applies to all services under the TSMA,  when adding a new service, either a new attachment or a new exhibit (or both) may be required to be added to the schedule.  The appropriate document(s), attachment and/or exhibit, are always created by TELUS after the Province has documented their requirements and the requirements have been reviewed and agreed to by the Vendor (TELUS) via a Term Sheet negotiated by the Province's Legal Representative.
When is this particular schedule used? This schedule is used when onboarding any new services that require additional security  that would require new Schedule R attachments or exhibits.
What is required for this Schedule? It is important that you review all the requirements for this new service, then review the TSMA to view what is already provided and then document any gaps.  
Tips: For example, refer to TSMA Attachment R1.

  Information Covered in Schedule R Attachments & Exhibits

  1. Security of Information
  2. Adherence to GPS Group Security Standards
  3. GPS Group Security Policies Exceptions
  4. Service Specific Security Requirements
  5. TELUS Group Compliance
  6. Security Communication and Compliance Monitoring
  7. Security clearances
  8. Network & GPS Infrastructure Access
  9. GPS Group Information Access
  10. Physical Access
  11. Monitoring
  12. Security Records and Reporting
  13. Court Orders or other Lawful Requirements
  14. Security Investigations
  15. Incident Response
  16. Security Threat and Risk Assessment
  17. Compliance
  18. Network and Administrative Security
  19. Facility Security
  20. Integrity of Information
  21. Equipment Security
  22. Destruction of Information
  23. Reporting
  24. Security Screening Requirements
  25. Personal Security
  26. GPS Infrastructure Acceptable Use
  27. Adherence to GPS Group Security Safeguards
  28. Material Breach
  29. Security Representatives
  30. Call Detail Reports
  31. Logging
  32. Monitoring
  33. Auditing
  34. Remote Access
  35. Controls
  36. Security
  37. Vulnerability Management
  38. Vulnerability Scanning
  39. Change Control
  40. Asset Management
  41. Workstation Security
  42. Passcodes

 Next Page: Schedule S - Installation Standards