Data Governance-Part 8: Framework for Geo-Residency and Sovereignty

Designation Number:
CAN-CIOSC 100-8
Standard Type:
National Standard of Canada - Domestic
Standard Development Activity:
New Standard
ICS code(s):
35.020; 35.030
Status:
Proceeding to development
SDO Comment Period Start Date:
SDO Comment Period End Date:
Posted On:

Scope:

Scope
Note: CIO Strategy Council announced an organizational name change to the Digital Governance Council (DGC), effective January 30, 2023 and the creation of a new standards development division, Digital Governance Standards Institute (DGSI). This proposed standard aims to specify the minimum requirements for organizations to protect data and assets that reside in foreign entities, while taking advantage of the global technology eco-systems. The standard is not intended to prescribe how an organization should implement controls. Instead, the standard will guide organizations using jurisdictional and technological agnostic approaches due to differences across sectors. Considerations are given to: - Organizations developing and supporting SaaS Cloud Service products, hosted from outside of their resident nation; - Reliance on foreign entities for redundancy and resiliency (network connectivity as an example); - Reliance on foreign controlled assets, both internal and external; - Reality situations data and assets leaving the resident nation (aircraft, payment data, PII Data, Intellectual Property, Health Data, Automotive data, Other Devices); - Benefits of using Global assets; - Challenges of using Global assets; - Economic realities; and - Steps to mitigate associated risks. - Data sets and assets that reside in country i.e. promotion of national interests. This standard applies to all sectors, including public and private companies, government entities, and not-for-profit organizations.

Project need:

Project Need
Organizations must now take into account the geo-political landscape and consider the inherent risks when storing data and assets in a foreign environment. All scenarios must now be examined, and risk assessments and recovery plans must be put in-place to address what could happen to their data and/or assets should the political climate change in the residing nation.

Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.

Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.