Government of British Columbia Information Technology Security Standards are published in Section 6 of the IM/IT Standards. These standards cover cryptographic security, mandatory practices for application and web development, mobile device security, access controls and more.
Below are supporting documents related to the NRM, or services that NRIDS Security provides. The team can assist in navigating questions related to any of the IT Security standards, please submit a ticket to the Security Information Ticket Hub (SITH): Security Information Ticket Hub - Service project (gov.bc.ca) (IDIR required).
Security Threat and Risk Assessment (STRA) (Mandatory)
A Security Threat and Risk Assessment must be conducted for all information technology projects when developing, implementing major changes to an IT system, purchasing or building a new product.
Section 6.11 on the IM/IT Standards page defines requirements for a Security Threat and Risk Assessment (STRA) of a government information system
The Security Threat Risk Assessment Specifications define roles and responsibilities when completing a STRA.
Watch the STRA Training Videos to learn more about the STRA process.
To request a STRA for an IT system or product in use within the Natural Resource Ministries (NRM) use the SITH Security Information Ticket Hub - Service project (gov.bc.ca) (IDIR required).
Cloud Security Schedule
If cloud resources are used in the development of a business application a cloud security schedule is a required part of the contract.
Cloud security schedule is addressed in IMIT Standard 6.30.
See also:
Please contact us via email for any inquiries related to the SDLC.