Third party assurance The Contractor must ensure that Canada’s Data, Contractor Infrastructure and Service Locations are secured with appropriate security measures by providing third party assesment reports or certifications and audit reports for each layer (computers, computing environment, physical data centers) within the cloud service offering, including: (a) ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems – Certification achieved by an accredited certification body; AND (b) ISO/IEC 27017:2015 Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for Cloud Services achieved by an accredited certification body; AND (c) AICPA Service Organization Control (SOC) 2 Type II Audit Report 2 Type II for the trust principles of security, availability, processing integrity, and confidentiality - issued by an independent Certified Public Accountant