-
Notifications
You must be signed in to change notification settings - Fork 0
COP Security Policy
The Public Health Data Center of Practice (PDCP) takes security seriously, but we also believe in making things easy and approachable. That's why we're providing this Cloud Security Policy to guide everyone who uses our cloud resources, whether you're a developer, researcher, or anything in between. By working together and being aware of security best practices, we can ensure that our cloud is secure, reliable, and always available.
At the PDCP, we believe that security is everyone's responsibility. While we have security measures in place to keep our cloud resources secure, we also need your help to ensure that our cloud is secure. That means being aware of security best practices and making sure that you're following them when you use our cloud resources.
Security COP-Incident-Management-Policy
We take the security of our cloud resources seriously, and we want to ensure that we're always in compliance with the Government of Canada IT security standards. That means that our cloud resources will always be configured and maintained to align with these standards. We will also work with you to ensure that any cloud resources you use are also in compliance with these standards.
To help ensure the security of our cloud resources, we encourage everyone to use modern IT security tools and processes. This includes things like two-factor authentication, password managers, and encryption. We also encourage the use of modern cloud resources, such as serverless computing, which can help improve security by reducing the attack surface.
SSL certificates are important for securing web traffic, but they can be expensive and difficult to manage. That's why we encourage everyone to use Let's Encrypt, which provides free SSL certificates that are easy to manage.
One of the best ways to improve security is to have code repositories that can be audited and reviewed. We encourage everyone to use code repositories to ensure that their code is secure and up to date. We also encourage the use of version control systems, which can help ensure that code is properly managed and tracked over time.
Despite our best efforts, incidents and events can still occur. That's why we encourage everyone to follow proper incident and event management procedures. This includes things like reporting incidents and events in a timely manner, conducting post-incident reviews, and learning from incidents to improve our overall security posture.
We hope that this Cloud Security Policy helps you understand our approach to security and how we can all work together to keep our cloud resources secure. If you have any questions or concerns, please don't hesitate to reach out to us.
🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧
Under Development
- This wiki and the documents being developed under it are living documents.
- They are all pre-decisional.
- Some of these documents were generated using chatGPT or were developed by other organizations for reuse and adaptation.
- Some of the documents in this wiki are in early early drafts, they make reference to things that do no exist or to process not yet being used.
- The Center of practice(COP) is best effort and will be developed iteratively. This includes the technology supporting the COP
- At the early stages of the COP expect change; short life cycles and rapid changes. Plan accordingly.
- Stability in the COP will materialize over time.
- For immediate reference engage your COP support channel, use the documentation as a secondary source.
- There is reference to the COP and PDCP in the documentation, these are the same entity. We haven't picked a name yet :)
All of the pages in this wiki should be considered draft, underdevelopment and needing review. None of these pages are official documentation. All of the pages are a work in progress and discussion is encouraged via the GitHub issues mechanism.
🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧