GC Notify is built for the needs of government services. It has processes in place to:
- protect user data.
- keep systems secure.
- manage risks around information.
On GC Notify, data is encrypted:
- when it passes through the service.
- when it’s stored on the service.
To protect data, GC Notify does not store it longer than it needs to. All data, including email addresses, phone numbers, and information in personalised messages are stored within the system database for 7 days by default. The exception is data files uploaded to the system. These are held for 30 days to allow for advanced scheduling of emails. This means that if there ever were a data breach, the impact would be limited to only 7-30 days.
See the Privacy statement for more information on how personal information is handled by GC Notify.
GC Notify is hosted in an Amazon Web Services (AWS) cloud instance located in 3 availability zones in the Montreal region, with Shared Services Canada (SSC) guardrails designed to create a Protected B medium availability, medium integrity (PBMM) environment.
Other technical security controls include:
implementation of security controls from
- Treasury Board of Canada Secretariat (TBS) cloud guardrails.
- TBS security playbook.
- Canadian Centre for Cyber Security (CCCS) Information Technology Security Guidance (ITSG-33).
- protective monitoring to record activity, and raise alerts about any suspicious activity.
- the option to use JSON Web Tokens instead of API keys when your service talks to GC Notify.
Protect sensitive information
Some messages include sensitive information like security codes or password reset links.
If you’re sending a message with sensitive information, you can choose to hide those details on the GC Notify dashboard once the message has been sent. This means that only the message recipient will be able to see that information.
GC Notify also has alarms in place that flag if administrators access services with notifications that might be sensitive.
User permissions and signing in
You can set different user permissions in GC Notify. This lets you control who in your team has access to certain parts of the service.
To create an account on GC Notify, you’ll need to enter:
- your email address and password.
- a code that GC Notify sends to your email or phone.
Once you have signed in, you can add a hardware-based security key to further increase the security of your account.
If you are having issues creating or accessing your account, email our support team at firstname.lastname@example.org.
Information risk management
Our approach to information risk management follows TBS guidance. It assesses:
- how GC Notify is built.
- the infrastructure GC Notify is built upon.
- support for the GC Notify service.
This approach also applies to the service providers GC Notify uses to send messages.
How we manage risks on GC Notify
Things we do to manage risks include:
- internal and third-party security audits.
- formal risk assessments based on TBS and CCCS guidance.
- residual risk statement preparation and active management of the risk treatment plan.
- security impact assessments.
- third-party penetration testing.
Authority to Operate
GC Notify has been assessed and authorized for operation by the CDS Chief Executive Officer, as the senior authorizing official for the service. This ATO will be re-assessed on at least an annual basis.
You can use GC Notify to send messages designated up to and including “Protected A” per the Standard on Security Categorization.
Messages should not include “Protected B” information as both emails and text messages sent to the public are not end-to-end encrypted.
Should an incident happen, we have a comprehensive incident response and customer notification procedures in place.
Should you suspect a security breach or have discovered a vulnerability in the service, email us at email@example.com and we’ll investigate immediately.