Data Sovereignty and Cyber Security

Securing Your Data and ATLAS™

Canadian Data Sovereignty Policy Statement

Purpose

This policy outlines the principles governing data sovereignty for cloud and managed service environments. It is intended to provide customers with assurance that their information is managed in accordance with Canadian data residency and sovereignty requirements.

Policy Statement

Cloud and managed services are designed and operated to prioritize Canadian data sovereignty and the protection of customer information.

Data Residency

Customer data, including primary production data, backups, and operational metadata associated with the delivery of services, is hosted and stored within Canadian data centres.

Customer data is not intentionally transferred outside of Canada as part of normal service operations unless explicitly authorized by the customer or required by applicable law.

Service Delivery

Managed services are delivered from Canadian operations and infrastructure. Administrative systems and operational processes are designed to support the secure management of customer environments while maintaining Canadian data residency objectives.

Data Processing

Customer information is processed within Canada during normal operations, including:

  • Application hosting;
  • Data storage;
  • Backup and recovery operations;
  • Disaster recovery services;
  • Monitoring and operational support;
  • Security event monitoring and incident response.


Third-Party Services

Where third-party technologies are incorporated into service delivery, their impact on data residency and sovereignty requirements is evaluated. Services that require customer data to leave Canada are only utilized where contractually agreed or operationally necessary and disclosed to the customer.

Security and Privacy

Administrative, technical, and physical safeguards are implemented to protect customer information against unauthorized access, disclosure, alteration, and destruction while supporting applicable Canadian privacy and security obligations.

Customer Transparency

Customers are provided with information regarding service architectures, data flows, and hosting arrangements to support governance, compliance, and regulatory requirements.

Cyber Security Introduction

Get Ready Online Inc. is committed to maintaining a robust cybersecurity posture. This policy document underscores our dedication to securing our proprietary web application ATLAS-Leadingtheway™, protecting user data, and ensuring business continuity. Recognizing that cybersecurity is a dynamic field, we pledge to continuously adapt our practices to mitigate emerging threats and adhere to industry best practices.

Objective

This policy aims to maintain the integrity and security of our Information Technology Systems, thereby supporting our mission of providing reliable and secure service to our clients.

Policy Scope

This policy applies to all employees, contractors, and third-party vendors associated with Get Ready Online Inc., covering all technological and information assets.

Core Security Measures

System Redundancy

High Availability and Redundancy: Our infrastructure includes redundant application servers and automatic fallback mechanisms to minimize service interruption.

Data Backup and Mirroring: Real-time mirroring and file synchronization between primary and backup systems ensure continuous data availability. Automatic backups are performed three times per day, with options for point-in-time restoration within the previous seven days. Offsite backups are maintained for disaster recovery purposes.

Failover and Recovery

Proactive Failover Testing: Weekly testing of backup systems to ensure seamless transition during primary system failures.

Continuous Monitoring: Use of application event tracking and performance metrics, coupled with real-time alerts to notify administrators of system irregularities or failures.

Data Security

End-to-End Security: Data transmission is secured via TLS/SSL, and sensitive data at rest is encrypted using robust encryption algorithms. Access to databases is restricted to our private network, and only strictly whitelisted requests from the public internet are permitted.

Authentication and Authorization: Role-based access control limits system access to authorized personnel only. A select group of senior staff can access our administration portal on the ATLAS-LeadingtheWay™ platform.

Application and Network Security

Web Application Firewall (WAF): Protection against common attacks such as SQL injection, XSS, and CSRF.

Regular Patching and Updates: Ensures all software components are current with the latest security patches.

Security Practices and Awareness

Employee Training: Mandatory annual cybersecurity training for all employees to reinforce security awareness and risk management.

Security Culture: Promotes an organizational culture attentive to security concerns and incident reporting.

Compliance and Vendor Management

Regulatory Compliance: Regular audits assess application compliance with cybersecurity standards and regulations, including SOC2, SOC3, GDPR, HIPAA, and ISO 27001.

Vendor Security: Ensures that all third-party vendors adhere to stringent security requirements and contractual obligations.

Commitment

As cybersecurity threats evolve, so will our strategies and practices. Get Ready Online Inc. is dedicated to safeguarding our web application, protecting user data, and enhancing our security measures to confront new challenges effectively.

Conclusion

Through the implementation of this policy, Get Ready Online Inc. demonstrates its unwavering commitment to security and continuous improvement in our cybersecurity endeavours.