Data Sovereignty and Cyber Security
Securing Your Data and ATLAS™
Canadian Data Sovereignty Policy Statement
Purpose
This policy outlines the principles governing data sovereignty for cloud and managed service environments. It is intended to provide customers with assurance that their information is managed in accordance with Canadian data residency and sovereignty requirements..
Policy Statement
Cloud and managed services are designed and operated to prioritize Canadian data sovereignty and the protection of customer information.
Data Residency
Customer data, including primary production data, backups, and operational metadata associated with the delivery of services, is hosted and stored within Canadian data centres.
Customer data is not intentionally transferred outside of Canada as part of normal service operations unless explicitly authorized by the customer or required by applicable law.
Service Delivery
Managed services are delivered from Canadian operations and infrastructure. Administrative systems and operational processes are designed to support the secure management of customer environments while maintaining Canadian data residency objectives.
Data Processing
- Customer information is processed within Canada during normal operations, including:
- Application hosting;
- Data storage;
- Backup and recovery operations;
- Disaster recovery services;
- Monitoring and operational support;
- Security event monitoring and incident response.
Third-Party Services
Where third-party technologies are incorporated into service delivery, their impact on data residency and sovereignty requirements is evaluated. Services that require customer data to leave Canada are only utilized where contractually agreed or operationally necessary and disclosed to the customer.
Security and Privacy
Administrative, technical, and physical safeguards are implemented to protect customer information against unauthorized access, disclosure, alteration, and destruction while supporting applicable Canadian privacy and security obligations.
Customer Transparency
Customers are provided with information regarding service architectures, data flows, and hosting arrangements to support governance, compliance, and regulatory requirements.
Cyber Security Introduction
Get Ready Online Inc. is committed to maintaining a robust cybersecurity posture. This policy document underscores our dedication to securing our proprietary web application ATLAS-Leadingtheway™, protecting user data, and ensuring business continuity. Recognizing that cybersecurity is a dynamic field, we pledge to continuously adapt our practices to mitigate emerging threats and adhere to industry best practices.
Objective
This policy aims to maintain the integrity and security of our Information Technology Systems, thereby supporting our mission of providing reliable and secure service to our clients.
Policy Scope
This policy applies to all employees, contractors, and third-party vendors associated with Get Ready Online Inc., covering all technological and information assets.
Core Security Measures
System Redundancy
High Availability and Redundancy: Our infrastructure includes redundant application servers and automatic fallback mechanisms to minimize service interruption.
Data Backup and Mirroring: Real-time mirroring and file synchronization between primary and backup systems ensure continuous data availability. Automatic backups are performed three times per day, with options for point-in-time restoration within the previous seven days. Offsite backups are maintained for disaster recovery purposes.
Failover and Recovery
Proactive Failover Testing: Weekly testing of backup systems to ensure seamless transition during primary system failures.
Continuous Monitoring: Use of application event tracking and performance metrics, coupled with real-time alerts to notify administrators of system irregularities or failures.
Data Security
End-to-End Security: Data transmission is secured via TLS/SSL, and sensitive data at rest is encrypted using robust encryption algorithms. Access to databases is restricted within our private network, with strictly whitelisted public internet requests.
Authentication and Authorization: Role-based access control limits system access to authorized personnel only. A select group of senior staff can access our administration portal on the ATLAS-LeadingtheWay™ platform.
Application and Network Security
Web Application Firewall (WAF): Protection against common attacks such as SQL injection, XSS, and CSRF.
Regular Patching and Updates: Ensures all software components are current with the latest security patches.
Security Practices and Awareness
Employee Training: Mandatory annual cybersecurity training for all employees to reinforce security awareness and risk management.
Security Culture: Promotes an organizational culture attentive to security concerns and incident reporting.
Compliance and Vendor Management
Regulatory Compliance: Regular audits assess application compliance with cybersecurity standards and regulations, including SOC2, SOC3, GDPR, HIPAA, ISO 27001.
Vendor Security: Ensures that all third-party vendors adhere to stringent security requirements and contractual obligations.
Commitment
As cybersecurity threats evolve, so will our strategies and practices. Get Ready Online Inc. is dedicated to safeguarding our web application, protecting user data, and enhancing our security measures to confront new challenges effectively.
Conclusion
Through the implementation of this policy, Get Ready Online Inc. demonstrates its unwavering commitment to security and continuous improvement in our cybersecurity endeavours.