Data Location
"The Contractor must store and protect Canada’s Data, at rest, including data in backups or maintained for redundancy purposes. This includes the ability to isolate data in Canada in approved data centers. An approved Data Centre is defined as the following:
(a) A data centre that meets all security requirements and certifications identified in Section 30 for Physical (Data Centre / Facilities) Security;
(b) Ensures the infeasibility of finding a specific customer’s data on physical media; and
(c) Employs encryption to ensure that no data is written to disk in an unencrypted form, in accordance with Section 13 - Cryptographic
Protection."
Data Location "The Contractor must certify that the delivery and provisioning of Cloud Services under this contract is from countries within the North Atlantic Treaty Organization (NATO) (https://www.nato.int/cps/en/natohq/nato_countries.htm) or the European Union (EU) (https://europa.eu/european-union/about-eu/countries_en), or from countries with which Canada has an international bilateral industrial security instrument. The Contract Security Program (CSP) has international bilateral industrial security instruments
with the countries listed on the following PSPC website: http://www.tpsgcpwgsc.gc.ca/esc-src/international-eng.html "
Data Location "The Contractor must have the ability for Canada to isolate Canada’s Data hosted in Cloud Services in data centers that are geographically located in Canada, and must:
(a) Provide the GC with an up-to-date list of the physical locations, including city, which may store Canada’s Data at rest; and
(b) Identify which portions of the Cloud Services are delivered from outside of Canada, including all locations where data is stored and processed and where the Contractor manages the service from."