CSP IT Security assessment The Contractor must demonstrate compliance with the security requirements selected in the GC Security Control Profile for Cloud-Based GC IT Services for Protected B, Medium Integrity and Medium Availability (PBMM) (https://www.canada.ca/en/government/system/digital-government/modernemergingtechnologies/cloud-computing/government-canada-security-controlprofile-cloud-based-itservices.html). Contractor compliance must be demonstrated through the mapping of security controls to the applicable industry certifications identified below: (a) Compliance will be assessed and validated through the Canadian Centre for Cyber Security (CCCS) Cloud Service Provider (CSP) Information Technology (IT) Security Assessment Process (ITSM.50.100) (https://cyber.gc.ca/en/guidance/cloud-service-provider-information-technologysecurity-assessment-process-itsm50100). The Contractor must demonstrate that they participated in the process by successfully on-boarded, participated in, and completed the program. This includes providing the following documentation: (i) A copy of the confirmation letter that confirms that they have on-boarded into the program; (ii) A copy of the most recent completed assessment report provided by CCCS; and (iii) A copy of the most recent summary report provided by CCCS.